CVE-2002-0230 - Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execut

CVE-2002-0230

Summary

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.

References

http://marc.info/?l=bugtraq&m=101285834018701&w=2
http://marc.info/?l=bugtraq&m=101293973111873&w=2
http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
http://www.debian.org/security/2002/dsa-109

Vulnerable Configurations

cpe:2.3:a:faq-o-matic:faq-o-matic:2.712:*:*:*:*:*:*:*
cpe:2.3:a:faq-o-matic:faq-o-matic:2.712:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 02:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20020204 [SUPERPETZ ADVISORY #002- Faq-O-Matic Cross-Site Scripting Vulnerability] 20020205 Faq-O-Matic Cross-Site Scripting
confirm	http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
debian	DSA-109

Last major update

18-10-2016 - 02:17

Published

16-05-2002 - 04:00

Last modified

18-10-2016 - 02:17