Lucene search
K
VignetteContent Suite

8 matches found

CVE
CVE
added 2003/06/11 4:0 a.m.66 views

CVE-2003-0401

Affected software/impact (summary). CVE-2003-0401 affects Vignette StoryServer and Vignette V/5. The vulnerability is describ ed as allowing remote attackers to obtain sensitive information by requesting the /vgn/style template. The NVD entry provides a network-accessible impact with partial conf...

5CVSS6.6AI score0.02328EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.57 views

CVE-2003-0399

CVE-2003-0399 affects Vignette StoryServer 4/5 and V/5 (and possibly other versions). The vulnerability allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template, indicating abuse of session/authen...

6.4CVSS6.9AI score0.01575EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.53 views

CVE-2003-0400

CVE-2003-0400 affects Vignette StoryServer and Vignette V/5; the vulnerability arises from miscalculating the size of text variables, causing Vignette to return unauthorized portions of memory. The issue is demonstrated via a CookieName argument to the login template using the "-->" string, de...

5CVSS6.9AI score0.03499EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.52 views

CVE-2003-0405

CVE-2003-0405 affects Vignette StoryServer 5 and Vignette V/6. A flaw allows remote attackers to execute arbitrary TCL code by supplying crafted input: (1) an HTTP query or cookie processed in the NEEDS command, or (2) an HTTP Referrer processed in the VALID_PATHS command. Root cause: improper ha...

5CVSS7.6AI score0.01575EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.51 views

CVE-2003-0398

Affected products: Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled. Vulnerability: remote attackers could execute arbitrary code by providing a crafted text variable to a Vignette Application that is later displayed. Underlying cause/details are not expli...

7.5CVSS7.7AI score0.02912EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.51 views

CVE-2003-0402

CVE-2003-0402 affects Vignette StoryServer 5 and Vignette V/5, where the default login template (/vgn/login) returns different responses depending on whether a user exists. This behavior allows remote attackers to identify valid usernames via brute force, enabling username enumeration. The NVD en...

5CVSS6.7AI score0.01539EPSS
Web
CVE
CVE
added 2003/06/11 4:0 a.m.51 views

CVE-2003-0404

CVE-2003-0404 affects Vignette StoryServer 4/5 and Vignette V/5 and V/6. Vulnerability: multiple Cross Site Scripting (XSS) via text variables, demonstrated through the errInfo parameter in the default login template. Impact: remote attackers can inject arbitrary HTML and script. Exploitation det...

4.3CVSS6.4AI score0.01979EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.47 views

CVE-2003-0403

CVE-2003-0403 affects Vignette StoryServer 5 and Vignette V/5. Remote attackers can read and modify license information and cause a denial of service by directly accessing the /vgn/license template. The provided documents do not include root-cause analysis, affected versions beyond the products n...

7.5CVSS7AI score0.0245EPSS