CVE-2003-1513

Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html	Exploit
http://www.securityfocus.com/bid/8852	Exploit
http://secunia.com/advisories/10031	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13460

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:caucho_technology:resin:2.1.1:::::::*
	cpe:2.3:a:caucho_technology:resin:2.1.12:::::::*
	cpe:2.3:a:caucho_technology:resin:2.1.2:::::::*
	cpe:2.3:a:caucho_technology:resin:2.0:::::::*

Information

Published : 2003-12-30 21:00

Updated : 2017-07-28 18:29

NVD link : CVE-2003-1513

Mitre link : CVE-2003-1513

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

caucho_technology

resin

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html", "name": "20031019 Caucho Resin 2.x - Cross Site Scripting", "tags": ["Exploit"], "refsource": "FULLDISC"}, {"url": "http://www.securityfocus.com/bid/8852", "name": "8852", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/10031", "name": "10031", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13460", "name": "resin-name-comment-xss(13460)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1513", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:caucho_technology:resin:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:caucho_technology:resin:2.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:caucho_technology:resin:2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:caucho_technology:resin:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:29Z"}