Lucene search

[email protected]CVE-2001-1352

HistorySep 01, 2004 - 4:00 a.m.

CVE-2001-1352

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2001-1352

cross-site scripting

xss

namazu

remote attack

javascript

nvd

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.

Affected configurations

NVD

Node

namazunamazuRange≤2.0.9

CPENameOperatorVersion
namazu:namazunamazule2.0.9

CPE	Name	Operator	Version
namazu:namazu	namazu	le	2.0.9

References

marc.info/?l=bugtraq&m=100947261916155&w=2

marc.info/?l=bugtraq&m=101060476404565&w=2

marc.info/?l=bugtraq&m=101068116016472&w=2

www.osvdb.org/5691

exchange.xforce.ibmcloud.com/vulnerabilities/7875

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2001-1352

cvelist1 nvd1