CVE-2003-1513

Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html	Exploit
http://secunia.com/advisories/10031	Vendor Advisory
http://www.securityfocus.com/bid/8852	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/13460

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:caucho_technology:resin:2.0:::::::*
	cpe:2.3:a:caucho_technology:resin:2.1.1:::::::*
	cpe:2.3:a:caucho_technology:resin:2.1.2:::::::*
	cpe:2.3:a:caucho_technology:resin:2.1.12:::::::*

History

No history.

Information

Published : 2003-12-31 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2003-1513

Mitre link : CVE-2003-1513

CVE.ORG link : CVE-2003-1513

JSON object : View

Products Affected

caucho_technology

resin

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2003-1513", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/10031", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/8852", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13460", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp."}], "lastModified": "2017-07-29T01:29:15.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:caucho_technology:resin:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8862C76C-A7AE-4B0D-81DA-A543DE97E019"}, {"criteria": "cpe:2.3:a:caucho_technology:resin:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38D4DA6-469A-45DC-B93D-41C2DB6A22D7"}, {"criteria": "cpe:2.3:a:caucho_technology:resin:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8755492-7266-4BC5-87BE-337E48C5DD78"}, {"criteria": "cpe:2.3:a:caucho_technology:resin:2.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D68E1FC-13B8-4718-BA4E-F747840F7798"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}