CVE-2003-1238

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2003-1238
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html Exploit
http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html Exploit
http://www.iss.net/security_center/static/11420.php
http://www.securityfocus.com/bid/6916 Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nuked-klan:nuked-klan:1.2:*:*:*:*:*:*:*
cpe:2.3:a:nuked-klan:nuked-klan:1.2_beta:*:*:*:*:*:*:*
cpe:2.3:a:nuked-klan:nuked-klan:1.3:*:*:*:*:*:*:*
cpe:2.3:a:nuked-klan:nuked-klan:1.3_beta:*:*:*:*:*:*:*
History

No history.

Information

Published : 2003-12-31 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2003-1238

Mitre link : CVE-2003-1238

CVE.ORG link : CVE-2003-1238

JSON object : View

Products Affected

nuked-klan

  • nuked-klan
CWE
NVD-CWE-Other