Lucene search

MitreCVE-2003-1212

HistoryMay 19, 2005 - 4:00 a.m.

CVE-2003-1212

2005-05-1904:00:00

mitre

web.nvd.nist.gov

cve-2003-1212

maxwebportal

unauthorized actions

form field modification

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.011

Percentile

84.8%

JSON

MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the ‘start new topic’ HTML page.

Affected configurations

Nvd

Node

maxwebportalmaxwebportalMatch1.30

VendorProductVersionCPE
maxwebportalmaxwebportal1.30cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
maxwebportal	maxwebportal	1.30	cpe:2.3:a:maxwebportal:maxwebportal:1.30:::::::*

References

archives.neohapsis.com/archives/bugtraq/2003-06/0048.html

secunia.com/advisories/8979

www.osvdb.org/4933

www.securityfocus.com/bid/7837

exchange.xforce.ibmcloud.com/vulnerabilities/12278

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.011

Percentile

84.8%

JSON

Related for CVE-2003-1212