CVE-2002-0329 - Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers t

CVE-2002-0329

Summary

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.

References

Vulnerable Configurations

cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.2.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.2.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:19)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	4192
bugtraq	20020227 RE: Open Bulletin Board javascript bug. 20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)
cert-vn	VU#132011
confirm	http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
xf	snitz-img-css(8309)

Last major update

18-10-2016 - 02:19

Published

25-06-2002 - 04:00

Last modified

18-10-2016 - 02:19