CVE-2002-1009 - Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, all

CVE-2002-1009

Summary

Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html
http://www.iss.net/security_center/static/9548.php
http://www.securityfocus.com/bid/5211

Vulnerable Configurations

cpe:2.3:a:summit_computer_networks:lil_http_server:2.1:*:*:*:*:*:*:*
cpe:2.3:a:summit_computer_networks:lil_http_server:2.1:*:*:*:*:*:*:*
cpe:2.3:a:summit_computer_networks:lil_http_server:2.2:*:*:*:*:*:*:*
cpe:2.3:a:summit_computer_networks:lil_http_server:2.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-09-2008 - 20:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	5211
bugtraq	20020711 Lil'HTTP Pbcgi.cgi XSS Vulnerability
xf	lilhttp-pbcgi-xss(9548)

Last major update

05-09-2008 - 20:29

Published

04-10-2002 - 04:00

Last modified

05-09-2008 - 20:29