ID CVE-2002-1334
Summary Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.
References
Vulnerable Configurations
  • cpe:2.3:a:bizdesign:imagefolio:2.23:*:*:*:*:*:*:*
    cpe:2.3:a:bizdesign:imagefolio:2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:bizdesign:imagefolio:2.24:*:*:*:*:*:*:*
    cpe:2.3:a:bizdesign:imagefolio:2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:bizdesign:imagefolio:2.26:*:*:*:*:*:*:*
    cpe:2.3:a:bizdesign:imagefolio:2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:bizdesign:imagefolio:2.27:*:*:*:*:*:*:*
    cpe:2.3:a:bizdesign:imagefolio:2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:bizdesign:imagefolio:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:bizdesign:imagefolio:3.0.1:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 6265
bugtraq 20021127 Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software
sectrack 1005681
xf imagefolio-imagefolio-nphbuild-xss(10718)
Last major update 11-07-2017 - 01:29
Published 11-12-2002 - 05:00
Back to Top