AI Score: 6.6 Medium (Confidence: High)

CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.011 Low (Percentile: 84.6%)

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
CPE | Name | Operator | Version |
---|---|---|---|
mozilla:bonsai | mozilla bonsai | eq | 1.3 |
bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
bugzilla.mozilla.org/show_bug.cgi?id=146244
bugzilla.mozilla.org/show_bug.cgi?id=163573
marc.info/?l=bugtraq&m=102980129101054&w=2
www.debian.org/security/2003/dsa-265
www.iss.net/security_center/static/9920.php
www.securityfocus.com/bid/5516