CVE-2003-0404

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2003-0404
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.s21sec.com/es/avisos/s21sec-023-en.txt Vendor Advisory
http://www.iss.net/security_center/static/12071.php Vendor Advisory
http://www.securityfocus.com/bid/7687 Exploit Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=105406028027360&w=2
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*
cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*
Information

Published : 2003-06-29 21:00

Updated : 2016-10-17 19:33

NVD link : CVE-2003-0404

Mitre link : CVE-2003-0404

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

vignette

  • content_suite
  • storyserver
  • vignette