Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0154

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2003-0154
Last Modified 05 Sep 2008 04:33:37
Published 02 Apr 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-0154

Summary

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Vulnerable Systems

Application

  • Mozilla Bonsai 1.3


References

BID - 5516

DEBIAN - DSA-265

XF - bonsai-error-message-xss(9920)

BUGTRAQ - 20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=163573

MISC - http://bugzilla.mozilla.org/show_bug.cgi?id=146244

CONFIRM - http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view

CONFIRM - http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view


Last Updated: 27 May 2016 10:37:48