|
|
|
|
|
|
by bawolff
1763 days ago
|
|
|
Nobody would use cgi for (a) (cgi integrates with webservers, so you already have one to serve your static documents). You still care about xss (and other vulns, although the technology the grandparent mentioned is specificly for xss) in case b just like case c. - you might host other things on that domain (or even subdomain, which is a lot trickier but not impossible to attack), and this could be a launching point of an attack. - attackers might rewrite your page to mislead people, e.g. as part of a phishing attack, to harm your reputation or just to redirect to advertisers. The impact of any security vulnerability is going to depend on what you are doing and what you have to lose. It seems less significant in case B, but its a mistake to extrapolate as its impossible to tell without business-specific context. Maybe the simple list page is listing out life-saving information. |
|
|