CVE-2003-1506

Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/342160
http://www.securityfocus.com/archive/1/342551
http://www.securityfocus.com/archive/1/342577
http://www.securityfocus.com/bid/8876	Exploit
http://securityreason.com/securityalert/3299
https://exchange.xforce.ibmcloud.com/vulnerabilities/13507

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:daniel_barron:dansguardian:3.0:::::::*
	cpe:2.3:a:daniel_barron:dansguardian:3.1_r5:::::::*
	cpe:2.3:a:daniel_barron:dansguardian:3.1_r6:::::::*
	cpe:2.3:a:daniel_barron:dansguardian:3.2:::::::*

Information

Published : 2003-12-30 21:00

Updated : 2017-07-28 18:29

NVD link : CVE-2003-1506

Mitre link : CVE-2003-1506

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

daniel_barron

dansguardian

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/342160", "name": "20031022 CensorNet: Cross Site Scripting Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/342551", "name": "20031027 Re: CensorNet: Cross Site Scripting Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/342577", "name": "20031027 Re: CensorNet: Cross Site Scripting Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/8876", "name": "8876", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/3299", "name": "3299", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13507", "name": "censornet-cgi-xss(13507)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1506", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:daniel_barron:dansguardian:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:daniel_barron:dansguardian:3.1_r5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:daniel_barron:dansguardian:3.1_r6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:daniel_barron:dansguardian:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:29Z"}