Vulnerability Details CVE-2002-0166
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 7.5
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
- http://www.debian.org/security/2002/dsa-125
- http://www.iss.net/security_center/static/8656.php
- http://www.osvdb.org/2059
- http://www.redhat.com/support/errata/RHSA-2002-059.html
- http://www.securityfocus.com/bid/4389
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
- http://www.debian.org/security/2002/dsa-125
- http://www.iss.net/security_center/static/8656.php
- http://www.osvdb.org/2059
- http://www.redhat.com/support/errata/RHSA-2002-059.html
- http://www.securityfocus.com/bid/4389
Products affected by CVE-2002-0166
-
cpe:2.3:a:stephen_turner:analog:3.90_beta1
-
cpe:2.3:a:stephen_turner:analog:3.90_beta2
-
cpe:2.3:a:stephen_turner:analog:4.01
-
cpe:2.3:a:stephen_turner:analog:4.02
-
cpe:2.3:a:stephen_turner:analog:4.03
-
cpe:2.3:a:stephen_turner:analog:4.04
-
cpe:2.3:a:stephen_turner:analog:4.1
-
cpe:2.3:a:stephen_turner:analog:4.11
-
cpe:2.3:a:stephen_turner:analog:4.14
-
cpe:2.3:a:stephen_turner:analog:4.15
-
cpe:2.3:a:stephen_turner:analog:4.16
-
cpe:2.3:a:stephen_turner:analog:4.90_beta2
-
cpe:2.3:a:stephen_turner:analog:4.90_beta3
-
cpe:2.3:a:stephen_turner:analog:4.90_beta4
-
cpe:2.3:a:stephen_turner:analog:4.91_beta1
-
cpe:2.3:a:stephen_turner:analog:5.0
-
cpe:2.3:a:stephen_turner:analog:5.01
-
cpe:2.3:a:stephen_turner:analog:5.02
-
cpe:2.3:a:stephen_turner:analog:5.03
-
cpe:2.3:a:stephen_turner:analog:5.1a
-
cpe:2.3:a:stephen_turner:analog:5.2