| Vulnerability Name: | CVE-2003-0615 (CCN-12669) | ||||||||||||||||
| Assigned: | 2003-07-20 | ||||||||||||||||
| Published: | 2003-07-20 | ||||||||||||||||
| Updated: | 2018-05-03 | ||||||||||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. | ||||||||||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: CCN Type: SGI Security Advisory 20031002-01-U SGI Advanced Linux Environment security update #3 Source: CCN Type: BugTraq Mailing List, Sun Jul 20 2003 - 17:06:47 CDT CGI.pm vulnerable to Cross-site Scripting Source: CCN Type: BugTraq Mailing List, Tue Jul 22 2003 - 11:57:19 CDT Re: CGI.pm vulnerable to Cross-site Scripting Source: MITRE Type: CNA CVE-2003-0615 Source: CONECTIVA Type: UNKNOWN CLA-2003:713 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:713 perl Source: BUGTRAQ Type: UNKNOWN 20030720 CGI.pm vulnerable to Cross-site Scripting Source: BUGTRAQ Type: UNKNOWN 20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www) Source: FULLDISC Type: UNKNOWN 20030720 CGI.pm vulnerable to Cross-site Scripting. Source: CCN Type: RHSA-2003-256 Updated Perl packages fix security issues. Source: CCN Type: RHSA-2003-257 perl security update Source: CCN Type: SA13638 Sun Solaris Perl Modules Two Vulnerabilities Source: SECUNIA Type: UNKNOWN 13638 Source: CCN Type: SECTRACK ID: 1007234 CGI.pm Library Input Validation Flaw Permits Remote Cross-Site Scripting Attacks Source: SECTRACK Type: UNKNOWN 1007234 Source: CCN Type: CGI.pm Web site CGI.pm - a Perl5 CGI Library Source: SUNALERT Type: UNKNOWN 101426 Source: CCN Type: CIAC Information Bulletin N-155 Red Hat Updated Perl packages fix security issues Source: CIAC Type: UNKNOWN N-155 Source: DEBIAN Type: UNKNOWN DSA-371 Source: DEBIAN Type: DSA-371 perl -- cross-site scripting Source: CCN Type: US-CERT VU#246409 CGI.pm vulnerable to Cross-site Scripting Source: CERT-VN Type: US Government Resource VU#246409 Source: CCN Type: OpenPKG-SA-2003.036 Perl CGI.pm Source: CCN Type: OpenPKG-SA-2003.039 Perl CGI.pm Source: REDHAT Type: UNKNOWN RHSA-2003:256 Source: BID Type: Patch, Vendor Advisory 8231 Source: CCN Type: BID-8231 CGI.pm Start_Form Cross-Site Scripting Vulnerability Source: CCN Type: TLSA-2003-49 Cross-site scripting vulnerability Source: MANDRAKE Type: UNKNOWN MDKSA-2003:084 Source: XF Type: UNKNOWN cgi-startform-xss(12669) Source: XF Type: UNKNOWN cgi-startform-xss(12669) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:307 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:470 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||