Intrusion Prevention

CGI.Referer.XSS

Description

This threat sends a crafted HTTP Request with the referrer field containing a double quote ". This double quote is escaped in C fashion when displayed on a page, allowing an event handle to be created inside of the hyperlink.

Affected Products

Any HTP server.

Impact

Cross site scripting.

Recommended Actions

N/A

CVE References

CVE-2006-3681