Content Suite@7.0 Security Vulnerabilities and Issues — Content Suite@7.0 CVE List

Lucene search

VignetteContent Suite7.0

6 matches found

CVE•added 2003/06/30 4:0 a.m.•53 views

CVE-2003-0401

Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template.

5CVSS6.6AI score0.00901EPSS

CVE•added 2003/07/02 4:0 a.m.•43 views

CVE-2003-0399

Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.

6.4CVSS6.9AI score0.0061EPSS

CVE•added 2003/06/30 4:0 a.m.•41 views

CVE-2003-0402

The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks.

5CVSS6.7AI score0.00741EPSS

CVE•added 2003/07/02 4:0 a.m.•37 views

CVE-2003-0398

Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.

7.5CVSS7.7AI score0.01983EPSS

CVE•added 2003/06/30 4:0 a.m.•37 views

CVE-2003-0403

Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template.

7.5CVSS7AI score0.01062EPSS

CVE•added 2003/06/30 4:0 a.m.•35 views

CVE-2003-0404

Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.

4.3CVSS6.4AI score0.00416EPSS