CVE-2010-2267

Name of the Vulnerable Software and Affected Versions Accoria Web Server versions 1.4.7

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters, including the query string to the getenv sample program, the desc parameter to "loadstatic.cgi", the name parameter to "httpdcfg.cgi", or the dns parameter to "servercfg.cgi".

Recommendations For Accoria Web Server version 1.4.7, consider restricting access to the getenv sample program, "loadstatic.cgi", "httpdcfg.cgi", and "servercfg.cgi" until a patch is available. As a temporary workaround, avoid using the desc parameter in "loadstatic.cgi", the name parameter in "httpdcfg.cgi", and the dns parameter in "servercfg.cgi" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.