Authored by Georgi Guninski

The documentation for the Python CGI module suffers from a cross-site scripting vulnerability.

Is there low hanging fruit for the following observation?

The documentation of the Python cgi module is vulnerable to XSS
(cross-site scripting)

form = cgi.FieldStorage()
print("<p>name:", form["name"].value)
print("<p>addr:", form["addr"].value)

First result on Google for "tutorial python cgi"

And it is almost the same as the python doc.

I verified that setting ```name=<script>alert(document.domain)</script>```
will trigger a dialog, demonstrating JavaScript is executed
on the cgi host.

I would expect that devs who read the docs or tutorials will write
vulnerable cgis.
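
As an added example (not part of the original post or the Python documentation), the following renders the same two fields first the way the quoted snippet does and then with `html.escape` applied to each value. It parses a constructed query string with `urllib.parse` instead of `cgi.FieldStorage`, and the function names are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

# Constructed sample input: the "name" value is the one quoted in the post,
# URL-encoded as it would arrive in a query string; "addr" is made up.
SAMPLE_QUERY = "name=%3Cscript%3Ealert(document.domain)%3C/script%3E&addr=1+Main+St"

FIELDS = ("name", "addr")


def parse_fields(query):
    """Return the first value of each field, like form[...].value in the snippet."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def render_unescaped(fields):
    """Same pattern as the documentation snippet: the value is written as-is."""
    return "\n".join(f"<p>{key}: {fields.get(key, '')}" for key in FIELDS)


def render_escaped(fields):
    """Hardened form: HTML-escape every user-supplied value before output."""
    return "\n".join(
        f"<p>{key}: {html.escape(fields.get(key, ''), quote=True)}"
        for key in FIELDS
    )


def contains_script_tag(rendered):
    """Simple check used below to compare the two outputs."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    form = parse_fields(SAMPLE_QUERY)
    for label, render in (("unescaped", render_unescaped),
                          ("escaped", render_escaped)):
        out = render(form)
        print(f"--- {label} (script tag present: {contains_script_tag(out)})")
        print(out)
```

`html.escape` covers values placed in element content and quoted attributes; values written into script blocks, URLs or CSS need escaping appropriate to that context.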