Skip to main content

Gazelle

8 CVEs product

Monthly

CVE-2026-40562 HIGH PATCH This Week

HTTP Request Smuggling in Gazelle (Perl web server) versions through 0.49 enables attackers to smuggle malicious requests through reverse proxies by exploiting incorrect header precedence. Gazelle violates RFC 7230 by prioritizing Content-Length over Transfer-Encoding: chunked when both headers are present, allowing desynchronization between front-end proxies and the backend server. SSVC framework indicates the vulnerability is automatable with partial technical impact, while CVSS 7.5 reflects network-accessible unauthenticated exploitation with high integrity impact. A vendor patch is available via CPANSec.

Request Smuggling Information Disclosure Gazelle
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-44797 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44795 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44793 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-7250 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7249 MEDIUM PATCH This Month

Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7248 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7247 MEDIUM PATCH This Month

Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

HTTP Request Smuggling in Gazelle (Perl web server) versions through 0.49 enables attackers to smuggle malicious requests through reverse proxies by exploiting incorrect header precedence. Gazelle violates RFC 7230 by prioritizing Content-Length over Transfer-Encoding: chunked when both headers are present, allowing desynchronization between front-end proxies and the backend server. SSVC framework indicates the vulnerability is automatable with partial technical impact, while CVSS 7.5 reflects network-accessible unauthenticated exploitation with high integrity impact. A vendor patch is available via CPANSec.

Request Smuggling Information Disclosure Gazelle
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Gazelle
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy