ID CVE-2002-0166
Summary Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute JavaScript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
References
Vulnerable Configurations
  • cpe:2.3:a:stephen_turner:analog:3.90_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:3.90_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.02:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.03:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.04:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.90_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.90_beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.90_beta4:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:4.91_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:5.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:5.02:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:stephen_turner:analog:5.03:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-09-2008 - 00:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2002:059
refmap via4
bid 4389
debian DSA-125
freebsd FreeBSD-SN-02:02
osvdb 2059
xf analog-logfile-css(8656)
Last major update 11-09-2008 - 00:00
Published 22-04-2002 - 04:00
Last modified 11-09-2008 - 00:00