Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1334

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2002-1334
Last Modified 10 Sep 2008 03:14:18
Published 11 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1334

Summary

Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.

Vulnerable Systems

Application

  • Bizdesign Imagefolio 2.23

  • Bizdesign Imagefolio 2.24

  • Bizdesign Imagefolio 2.26

  • Bizdesign Imagefolio 2.27

  • Bizdesign Imagefolio 3.0.1


References

SECTRACK - 1005681

XF - imagefolio-imagefolio-nphbuild-xss(10718)

BID - 6265

BUGTRAQ - 20021127 Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software


Last Updated: 27 May 2016 10:37:16