CVE-2002-0205 - Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5

CVE-2002-0205

Summary

Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.

References

Vulnerable Configurations

cpe:2.3:a:plumtree:plumtree_corporate_portal:3.5:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:3.5:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0_sp1:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0_sp1:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i_sp1:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i_sp1:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.5:*:*:*:*:*:*:*
cpe:2.3:a:plumtree:plumtree_corporate_portal:4.5:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3799
bugtraq	20020124 Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
vuln-dev	20020104 Cross-Site Scripting in PlumTree?
xf	plumtree-css-error(7817)

Last major update

18-10-2016 - 02:17

Published

16-05-2002 - 04:00

Last modified

18-10-2016 - 02:17