Lucene search

MitreCVE-2002-1494

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1494

2004-09-0104:00:00

mitre

web.nvd.nist.gov

cve-2002-1494

cross-site scripting

xss

aestiva html/os

remote attackers

arbitrary html

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.

Affected configurations

Nvd

Node

aestivahtml_osMatch2.4

VendorProductVersionCPE
aestivahtml_os2.4cpe:2.3:a:aestiva:html_os:2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aestiva	html_os	2.4	cpe:2.3:a:aestiva:html_os:2.4:::::::*

References

archives.neohapsis.com/archives/bugtraq/2002-09/0026.html

www.iss.net/security_center/static/10029.php

www.securityfocus.com/bid/5618

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

Related for CVE-2002-1494