PT-2002-1010 · Faq O Matic · Faq-O-Matic
Published 2002-05-03 · Updated 2016-10-18
CVE-2002-0230
CVSS v2.0: 5.0 Medium (Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Name of the Vulnerable Software and Affected Versions
Faq-O-Matic version 2.712
Description
The issue is a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript on other clients. This is achieved via the cmd parameter in fom.cgi, which causes the script to be inserted into an error message. Additionally, there are multiple vulnerabilities in the faqomatic package that can lead to a breach of protected information integrity, and these can be exploited remotely.
Recommendations
For Faq-O-Matic version 2.712, consider restricting access to the fom.cgi script until a patch is available, and avoid using the cmd parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
Faq-O-Matic