ID CVE-2003-0154
Summary Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 18-10-2016 - 02:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 5516
bugtraq 20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
confirm
debian DSA-265
misc http://bugzilla.mozilla.org/show_bug.cgi?id=146244
xf bonsai-error-message-xss(9920)
Last major update 18-10-2016 - 02:30
Published 02-04-2003 - 05:00
Last modified 18-10-2016 - 02:30