Lucene search

[email protected]CVE-2003-1241

HistoryDec 31, 2003 - 5:00 a.m.

CVE-2003-1241

2003-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-1241

myguestbook

xss

remote code execution

security vulnerability

7.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON

Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.

CPENameOperatorVersion
levcgi.com:myguestbooklevcgi.com myguestbookeq3.0

CPE	Name	Operator	Version
levcgi.com:myguestbook	levcgi.com myguestbook	eq	3.0

References

archives.neohapsis.com/archives/vulnwatch/2003-q1/0089.html

www.securityfocus.com/archive/1/312762

www.securityfocus.com/bid/6906

7.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for CVE-2003-1241

cvelist1