CVE-2003-0154

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
http://bugzilla.mozilla.org/show_bug.cgi?id=146244
http://bugzilla.mozilla.org/show_bug.cgi?id=163573
http://marc.info/?l=bugtraq&m=102980129101054&w=2
http://www.debian.org/security/2003/dsa-265	Patch Vendor Advisory
http://www.iss.net/security_center/static/9920.php
http://www.securityfocus.com/bid/5516	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2003-04-02 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2003-0154

Mitre link : CVE-2003-0154

CVE.ORG link : CVE-2003-0154

JSON object : View

Products Affected

mozilla

bonsai

CWE

NVD-CWE-Other

{"id": "CVE-2003-0154", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-04-02T05:00:00.000", "references": [{"url": "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view", "source": "cve@mitre.org"}, {"url": "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view", "source": "cve@mitre.org"}, {"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=146244", "source": "cve@mitre.org"}, {"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=163573", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=102980129101054&w=2", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2003/dsa-265", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9920.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5516", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244."}], "lastModified": "2016-10-18T02:30:12.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCB5E323-DE93-400A-9249-08E805A1347C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}