Lucene search

[email protected]CVE-2003-1285

HistoryNov 22, 2005 - 2:00 a.m.

CVE-2003-1285

2005-11-2202:00:00

[email protected]

web.nvd.nist.gov

cve-2003-1285

sambar server

xss

web script

html

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).

Affected configurations

NVD

Node

sambarsambar_serverMatch5.0

sambarsambar_serverMatch5.0beta1

sambarsambar_serverMatch5.0beta2

sambarsambar_serverMatch5.0beta3

sambarsambar_serverMatch5.0beta4

sambarsambar_serverMatch5.0beta5

sambarsambar_serverMatch5.0beta6

sambarsambar_serverMatch5.1

sambarsambar_serverMatch5.1beta1

sambarsambar_serverMatch5.1beta2

sambarsambar_serverMatch5.1beta3

sambarsambar_serverMatch5.1beta4

sambarsambar_serverMatch5.1beta5

sambarsambar_serverMatch5.2

sambarsambar_serverMatch5.3

sambarsambar_serverMatch6.0beta1

sambarsambar_serverMatch6.0beta2

sambarsambar_serverMatch6.0beta3

sambarsambar_serverMatch6.0beta4

sambarsambar_serverMatch6.0beta5

CPENameOperatorVersion
sambar:sambar_serversambar sambar servereq5.0
sambar:sambar_serversambar sambar servereq5.1
sambar:sambar_serversambar sambar servereq5.2
sambar:sambar_serversambar sambar servereq5.3
sambar:sambar_serversambar sambar servereq6.0

CPE	Name	Operator	Version
sambar:sambar_server	sambar sambar server	eq	5.0
sambar:sambar_server	sambar sambar server	eq	5.1
sambar:sambar_server	sambar sambar server	eq	5.2
sambar:sambar_server	sambar sambar server	eq	5.3
sambar:sambar_server	sambar sambar server	eq	6.0

References

secunia.com/advisories/9578

securitytracker.com/id?1007819

www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true

www.osvdb.org/5782

www.osvdb.org/5783

www.osvdb.org/5784

www.osvdb.org/5785

www.osvdb.org/5805

www.sambar.com/security.htm

exchange.xforce.ibmcloud.com/vulnerabilities/13305

exchange.xforce.ibmcloud.com/vulnerabilities/16056

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2003-1285

nvd1 cvelist1 openvas1