Vulnerability Name: | CVE-2002-0181 (CCN-8769) | ||||||||||||
Assigned: | 2002-04-06 | ||||||||||||
Published: | 2002-04-06 | ||||||||||||
Updated: | 2016-10-18 | ||||||||||||
Summary: | Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | ||||||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||
Vulnerability Consequences: | Other | ||||||||||||
References: | Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-016.0 Linux: horde/imp cross scripting vulnerabilities Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-016.1 Linux: REVISED: horde/imp cross scripting vulnerabilities Source: CCN Type: BugTraq Mailing List, Sat Apr 06 2002 - 09:02:48 CST IMP 2.2.8 (SECURITY) released Source: CCN Type: Horde Web site Horde Bugzilla Bug #916 Source: MISC Type: UNKNOWN http://bugs.horde.org/show_bug.cgi?id=916 Source: MITRE Type: CNA CVE-2002-0181 Source: CONECTIVA Type: UNKNOWN CLA-2001:473 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2002:473 imp -- Cross-site scripting vulnerability Source: BUGTRAQ Type: UNKNOWN 20020406 IMP 2.2.8 (SECURITY) released Source: CALDERA Type: UNKNOWN CSSA-2002-016.1 Source: DEBIAN Type: Patch, Vendor Advisory DSA-126 Source: DEBIAN Type: DSA-126 imp -- cross-site scripting Source: XF Type: UNKNOWN imp-status-php3-css(8769) Source: OSVDB Type: UNKNOWN 5345 Source: CCN Type: OSVDB ID: 5345 Horde IMP status.php3 script Parameter XSS Source: BID Type: UNKNOWN 4444 Source: CCN Type: BID-4444 Horde IMP Status.PHP3 Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN imp-status-php3-xss(8769) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |