Lucene search

[email protected]CVE-2003-1350

HistoryOct 14, 2007 - 7:00 p.m.

CVE-2003-1350

2007-10-1419:00:00

CWE-20

[email protected]

web.nvd.nist.gov

list site pro

remote attackers

hijack

user accounts

cve-2003-1350

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.7%

JSON

List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a “|” (pipe), which is used as a field delimiter, into the bannerurl field.

Affected configurations

NVD

Node

list_site_prolist_site_proMatch2.0

CPENameOperatorVersion
list_site_pro:list_site_prolist site proeq2.0

CPE	Name	Operator	Version
list_site_pro:list_site_pro	list site pro	eq	2.0

References

securityreason.com/securityalert/3230

www.securityfocus.com/archive/1/308300

www.securityfocus.com/bid/6685

exchange.xforce.ibmcloud.com/vulnerabilities/11156

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for CVE-2003-1350

cvelist1 nvd1