ID: EDB-ID:21621
Type: exploitdb
Reporter: Peter Gründl
Modified: 2002-07-17T00:00:00
Description
Macromedia Sitespring 1.2 Default Error Page Cross-Site Scripting Vulnerability. CVE-2002-1027. Webapps exploit for jsp platform.
source: http://www.securityfocus.com/bid/5249/info
Macromedia Sitespring is a J2EE-compliant product for managing website production. The Macromedia Sitespring server runs on Microsoft Windows operating systems.
A cross-site scripting issue has been reported in the default error page used by Sitespring. When an HTTP 500 error is returned, some user-supplied data is included in the generated HTML. Since this data isn't properly sanitized, an attacker may be able to include arbitrary HTML, including JavaScript.
http://server/error/500error.jsp?et=1<script>alert('KPMG')</script>
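
The reflected-parameter flaw described above next to a corrected form, as an added Java example (not Sitespring's code, which this advisory does not show). The page markup, the method names, and the assumption that et carries a short numeric error code are hypothetical.

```java
import java.util.OptionalInt;

public class ErrorPageEncoding {
    // Pattern the advisory describes: the raw parameter is concatenated into the HTML.
    static String renderUnsafe(String et) {
        return "<p>Error type: " + et + "</p>";
    }

    // Encode the characters that are significant in element content and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Assumption: et is a numeric error-type code of at most four digits; anything else is rejected.
    static OptionalInt parseErrorType(String et) {
        if (et == null || !et.matches("[0-9]{1,4}")) return OptionalInt.empty();
        return OptionalInt.of(Integer.parseInt(et));
    }

    // Validate against the allow-list, then still encode at the output boundary.
    static String renderSafe(String et) {
        OptionalInt code = parseErrorType(et);
        String shown = code.isPresent() ? Integer.toString(code.getAsInt()) : "unknown";
        return "<p>Error type: " + escapeHtml(shown) + "</p>";
    }

    public static void main(String[] args) {
        // Value of the et parameter taken from the advisory's example URL.
        String et = "1<script>alert('KPMG')</script>";
        System.out.println(renderUnsafe(et));                            // markup reaches the page unchanged
        System.out.println("<p>Error type: " + escapeHtml(et) + "</p>"); // encoding alone: shown as inert text
        System.out.println(renderSafe(et));                              // allow-list rejects the value
        System.out.println(renderSafe("1"));                             // a plain numeric code passes
    }
}
```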
{"cve": [{"lastseen": "2020-10-03T11:37:00", "description": "Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.", "edition": 3, "cvss3": {}, "published": "2002-10-04T04:00:00", "title": "CVE-2002-1027", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1027"], "modified": "2008-09-05T20:29:00", "cpe": ["cpe:/a:macromedia:sitespring:1.2.0"], "id": "CVE-2002-1027", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1027", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:macromedia:sitespring:1.2.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2002-1027"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0029.html\nISS X-Force ID: 9588\n[CVE-2002-1027](https://vulners.com/cve/CVE-2002-1027)\nBugtraq ID: 5249\n", "modified": "2002-07-17T00:00:00", "published": "2002-07-17T00:00:00", "id": "OSVDB:9231", "href": "https://vulners.com/osvdb/OSVDB:9231", "title": "Macromedia Sitespring 500error.jsp First Parameter XSS", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}