Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0292

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2002-0292
Last Modified 10 Sep 2008 08:00:53
Published 31 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2002-0292

Summary

Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.

Vulnerable Systems

Application

  • Open Source Development Network Slashcode 1.0.8

  • Open Source Development Network Slashcode 2.0

  • Open Source Development Network Slashcode 2.1

  • Open Source Development Network Slashcode 2.1.1

  • Open Source Development Network Slashcode 2.2

  • Open Source Development Network Slashcode 2.2.1

  • Open Source Development Network Slashcode 2.2.2

  • Open Source Development Network Slashcode 2.2.3

  • Open Source Development Network Slashcode 2.2.4


References

BUGTRAQ - 20020219 [SA-2002:01] Slashcode login vulnerability

BID - 4116

XF - slashcode-site-xss(8221)


Last Updated: 27 May 2016 10:36:52