Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1785

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2002-1785
Last Modified 05 Sep 2008 04:31:30
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1785

Summary

Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.

Vulnerable Systems

Application

  • Zeus Technologies Zeus Web Server 4.0

  • Zeus Technologies Zeus Web Server 4.1

  • Zeus Technologies Zeus Web Server 4.1 R1

  • Zeus Technologies Zeus Web Server 4.1 R2

  • Zeus Technologies Zeus Web Server 4.1 R3

  • Zeus Technologies Zeus Web Server 4.1 R4


References

BID - 6144

XF - zeus-admin-index-xss(10567)

BUGTRAQ - 20021211 Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug

BUGTRAQ - 20021108 Zeus Admin Server v4.1r2 index.fcgi XSS bug


Last Updated: 27 May 2016 10:37:29