Vulnerability Details CVE-2003-0404
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://marc.info/?l=bugtraq&m=105406028027360&w=2
- http://www.iss.net/security_center/static/12071.php
- http://www.s21sec.com/es/avisos/s21sec-023-en.txt
- http://www.securityfocus.com/bid/7687
- http://marc.info/?l=bugtraq&m=105406028027360&w=2
- http://www.iss.net/security_center/static/12071.php
- http://www.s21sec.com/es/avisos/s21sec-023-en.txt
- http://www.securityfocus.com/bid/7687
Products affected by CVE-2003-0404
-
cpe:2.3:a:vignette:content_suite:5.0
-
cpe:2.3:a:vignette:content_suite:6.0
-
cpe:2.3:a:vignette:content_suite:7.0
-
cpe:2.3:a:vignette:storyserver:4.0
-
cpe:2.3:a:vignette:storyserver:4.1
-
cpe:2.3:a:vignette:storyserver:5.0
-
cpe:2.3:a:vignette:vignette:5.0