Vulnerability found in CGI Script
A cross site scripting vulnerabilty was found in the ipcalc CGI wrapper script. (Note: This is not the ipcalc script itself, it is only used when ipcalc is run via a web interface).
This script was
Description of the vulnerability
The script used the environment variable REQUEST_URI to construct the action url of the html form. REQUEST_URI may contain data from a maliciously constructed link to the site. The new version uses REQUEST_URL.
If in doubt, check if your script version works with REQUEST_URI. You should upgrade then.
How to upgrade