ID |
CVE-2002-1680
|
Summary |
Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.3 (as of 11-07-2017 - 01:29) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
refmap
via4
|
bid | | vuln-dev | 20020121 Security holes in COWS (CGI Online Worldweb Shopping) | xf | cows-cgi-css(7986) |
|
Last major update |
11-07-2017 - 01:29 |
Published |
31-12-2002 - 05:00 |
Last modified |
11-07-2017 - 01:29 |