Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2330

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-2330
Last Modified 30 Aug 2010 12:00:00
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2330

Summary

Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.

Vulnerable Systems

Application

  • Uninet Statsplus 1.25


References

BID - 5316

XF - statsplus-stat-script-injection(9678)

BUGTRAQ - 20020725 Uninets StatsPlus 1.25 script injection vulnerabilities


Last Updated: 27 May 2016 10:37:42