Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0736

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2003-0736
Last Modified 05 Sep 2008 04:35:07
Published 20 Oct 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-0736

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.

Vulnerable Systems

Application

  • Phpwebsite 0.9.0


References

CERT-VN - VU#664422

BUGTRAQ - 20030902 GLSA: phpwebsite (200309-03)

BUGTRAQ - 20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities


Last Updated: 27 May 2016 10:38:02