VYPR

Cgiecho

by CPanel

CVEs (4)

  • CVE-2017-5613HigMar 3, 2017
    risk 0.51cvss 7.8epss 0.03

    Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

  • CVE-2017-5616MedMar 3, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.

  • CVE-2017-5615MedMar 3, 2017
    risk 0.40cvss 6.1epss 0.01

    cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.

  • CVE-2017-5614MedMar 3, 2017
    risk 0.40cvss 6.1epss 0.01

    Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.