CVE-2008-2852

NameCVE-2008-2852
DescriptionCross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs497761

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cgiwrapsource(unstable)(unfixed)low497761

Notes

[etch] - cgiwrap <no-dsa> (Minor issue)
only applies to certain character sets and only works with
browsers. There isn't a good solution available, the patch uses
a compile-time charset specification. All in all not a real
priority to fix in etch.
Search for package or bug name: Reporting problems