| ID |
CVE-2002-1785
|
| Summary |
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:zeus_technologies:zeus_web_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:zeus_technologies:zeus_web_server:4.0:*:*:*:*:*:*:*
-
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1:*:*:*:*:*:*:*
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r1:*:*:*:*:*:*:*
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r1:*:*:*:*:*:*:*
-
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r2:*:*:*:*:*:*:*
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r2:*:*:*:*:*:*:*
-
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r3:*:*:*:*:*:*:*
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r3:*:*:*:*:*:*:*
-
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r4:*:*:*:*:*:*:*
cpe:2.3:a:zeus_technologies:zeus_web_server:4.1_r4:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 1.9 (as of 05-09-2008 - 20:31) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:L/AC:M/Au:N/C:N/I:P/A:N
|
| refmap
via4
|
| bid | 6144 | | bugtraq | - 20021108 Zeus Admin Server v4.1r2 index.fcgi XSS bug
- 20021211 Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug
| | xf | zeus-admin-index-xss(10567) |
|
| Last major update |
05-09-2008 - 20:31 |
| Published |
31-12-2002 - 05:00 |
| Last modified |
05-09-2008 - 20:31 |
