EmbedThis GoAhead Web Server HTML Injection Vulnerability

Vulnerability

An HTML injection vulnerability has been identified in EmbedThis GoAhead Web Server version 2.5. The issue is in the 'goform/formTest' endpoint, where inadequate input validation of the 'name' parameter allows HTML content to be injected into the response. Exploiting this vulnerability could enable an attacker to have scripts or HTML of their choosing run within the context of the affected website.

Impact

Exploitation of this vulnerability allows for HTML injection, which could be used to execute scripts in the context of the user’s browser.

Reproduction

To reproduce this vulnerability, send a request to the 'goform/formTest' endpoint with the 'name' parameter containing injected HTML, such as a header tag. The server's response will render the injected HTML, demonstrating the successful exploitation of the vulnerability.

Added: Jul 25, 2025, 8:46 PM
Updated: Jul 25, 2025, 8:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.8
impact: 1.7
exploitability: 7.9
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.