CVE-2003-0287

Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=105276879622636&w=2
http://marc.info/?l=bugtraq&m=105277690132079&w=2
http://marc.info/?l=bugtraq&m=105284589927655&w=2
http://www.securityfocus.com/bid/7560
https://exchange.xforce.ibmcloud.com/vulnerabilities/12003

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:six_apart:movable_type::::::::
	cpe:2.3:a:six_apart:movable_type:2.63:::::::*

History

No history.

Information

Published : 2003-06-16 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2003-0287

Mitre link : CVE-2003-0287

CVE.ORG link : CVE-2003-0287

JSON object : View

Products Affected

six_apart

movable_type

CWE

NVD-CWE-Other

{"id": "CVE-2003-0287", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-06-16T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=105276879622636&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105277690132079&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105284589927655&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7560", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12003", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the \"Allow HTML in comments?\" option is enabled."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en Movable Type anterior a la 2.6 (y posiblemente otras versiones, incluida la 2.63), permite que atacantes remotos inserten script web arbitrario o HTML mediante el campo Name, posiblemente cuando la opci\u00f3n \"Allow HTML in comments?\" est\u00e1 habilitada."}], "lastModified": "2017-07-11T01:29:30.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D097030-8583-4802-95AF-CC50345159A2", "versionEndIncluding": "2.6"}, {"criteria": "cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C057E938-243B-4BEE-BF38-F3334A2B9275"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}