CVE-2025-40927

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw<br /> This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.<br /> <br /> Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.<br /> <br /> <br /> <br /> As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.<br /> <br /> The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.<br /> <br /> Impact<br /> <br /> By injecting %0A (newline) into a query string parameter, an attacker can:<br /> <br /> * Break the current HTTP header<br /> * Inject a new header or entire body<br /> * Deliver a script payload that is reflected in the server’s response<br /> That can lead to the following attacks:<br /> <br /> * reflected XSS<br /> * open redirect<br /> * cache poisoning<br /> * header manipulation