Search...

CVE-2003-1506

2003-12-31T05:00:00

ID CVE-2003-1506
Type cve
Reporter cve@mitre.org
Modified 2017-07-29T01:29:00

Description

Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.

JSON Vulners Source

Initial Source

{"id": "CVE-2003-1506", "bulletinFamily": "NVD", "title": "CVE-2003-1506", "description": "Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.", "published": "2003-12-31T05:00:00", "modified": "2017-07-29T01:29:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1506", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/342577", "https://exchange.xforce.ibmcloud.com/vulnerabilities/13507", "http://www.securityfocus.com/bid/8876", "http://www.securityfocus.com/archive/1/342551", "http://www.securityfocus.com/archive/1/342160", "http://securityreason.com/securityalert/3299"], "cvelist": ["CVE-2003-1506"], "type": "cve", "lastseen": "2019-05-29T18:07:57", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "33e70b50c3f7ea564de4495222780ad9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "53085a1ffae5155b47d222f80bdb7d57"}, {"key": "cpe23", "hash": "6690a5d53e3e7059082faf5d0c3a8ca5"}, {"key": "cvelist", "hash": "2a64806c874e65c8cb8b1e26952d3c97"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "8d7e26a161898de2db5efee7c97e5029"}, {"key": "href", "hash": "c6a7c33c610f04b9e5778ea8da009df0"}, {"key": "modified", "hash": "81fbf4dc6a3bd69489aeb37b6c16d22d"}, {"key": "published", "hash": "2250214640b1e4ae38a869f3818ba96c"}, {"key": "references", "hash": "e73d8a0df3c5a3db7f2e453443dd40ac"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "417fc1bb20b1f93c14fbe28854ae0f02"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4a6c4ab358e8ab63430d9e761e0dd0f7a8cd15df87569af91ff301172f004b35", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:23275"]}], "modified": "2019-05-29T18:07:57"}, "score": {"value": 4.9, "vector": "NONE", "modified": "2019-05-29T18:07:57"}, "vulnersScore": 4.9}, "objectVersion": "1.3", "cpe": ["cpe:/a:daniel_barron:dansguardian:3.2", "cpe:/a:daniel_barron:dansguardian:3.1_r5", "cpe:/a:daniel_barron:dansguardian:3.1_r6", "cpe:/a:daniel_barron:dansguardian:3.0"], "affectedSoftware": [{"name": "daniel_barron dansguardian", "operator": "eq", "version": "3.0"}, {"name": "daniel_barron dansguardian", "operator": "eq", "version": "3.2"}, {"name": "daniel_barron dansguardian", "operator": "eq", "version": "3.1_r5"}, {"name": "daniel_barron dansguardian", "operator": "eq", "version": "3.1_r6"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:daniel_barron:dansguardian:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:daniel_barron:dansguardian:3.1_r5:*:*:*:*:*:*:*", "cpe:2.3:a:daniel_barron:dansguardian:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:daniel_barron:dansguardian:3.1_r6:*:*:*:*:*:*:*"], "cwe": ["CWE-79"]}

{"exploitdb": [{"lastseen": "2016-02-02T20:39:33", "bulletinFamily": "exploit", "description": "DansGuardian 2.2.x Denied URL Cross-Site Scripting Vulnerability. CVE-2003-1506. Webapps exploit for cgi platform", "modified": "2003-10-22T00:00:00", "published": "2003-10-22T00:00:00", "id": "EDB-ID:23275", "href": "https://www.exploit-db.com/exploits/23275/", "type": "exploitdb", "title": "DansGuardian 2.2.x Denied URL Cross-Site Scripting Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/8876/info\r\n\r\nA problem has been reported in the handling of some types of input to DansGuardian. This problem may permit an attacker to launch cross-site scripting attacks.\r\n\r\nhttp://www.example.com/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Test');window.open+(\"http://www.example.com\")</script> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23275/"}]}