Vulnerability Name:

CVE-2004-0347 (CCN-15368)

Assigned:2004-03-02
Published:2004-03-02
Updated:2017-10-10
Summary:Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Mar 02 2004 - 08:03:26 CST
03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance

Source: MITRE
Type: CNA
CVE-2004-0347

Source: FULLDISC
Type: UNKNOWN
20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance

Source: BUGTRAQ
Type: UNKNOWN
20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance

Source: BUGTRAQ
Type: UNKNOWN
20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN

Source: CCN
Type: US-CERT VU#114070
NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi

Source: CERT-VN
Type: US Government Resource
VU#114070

Source: CCN
Type: NetScreen Technologies, Inc. Download Software Web site
Netscreen Technologies, Inc.::Services::Latest Software Availability

Source: CCN
Type: OSVDB ID: 4126
NetScreen-SA delhomepage.cgi XSS

Source: BID
Type: Patch
9791

Source: CCN
Type: BID-9791
NetScreen SA 5000 Series delhomepage.cgi Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
netscreen-delhomepagecgi-xss(15368)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:netscreen:netscreen-sa_5000_series:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    netscreen netscreen-sa 5000 series *