Lucene search

MitreCVE-2003-1584

HistoryFeb 05, 2010 - 10:30 p.m.

CVE-2003-1584

2010-02-0522:30:02

CWE-79

mitre

web.nvd.nist.gov

cve

2003

1584

cross-site scripting

xss

surfstats

remote attackers

web script

html

inverse lookup log corruption

illc

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON

Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an “Inverse Lookup Log Corruption (ILLC)” issue.

Affected configurations

Nvd

Node

surfstatssurfstats

VendorProductVersionCPE
surfstatssurfstats*cpe:2.3:a:surfstats:surfstats:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
surfstats	surfstats	*	cpe:2.3:a:surfstats:surfstats::::::::

References

www.securityfocus.com/archive/1/313867

exchange.xforce.ibmcloud.com/vulnerabilities/56649

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON

Related for CVE-2003-1584