Lucene search

[email protected]NVD:CVE-2003-1554

HistoryDec 31, 2003 - 5:00 a.m.

CVE-2003-1554

2003-12-3105:00:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.

Affected configurations

Nvd

Node

scoznetscozbookMatch1.1_beta

VendorProductVersionCPE
scoznetscozbook1.1_betacpe:2.3:a:scoznet:scozbook:1.1_beta:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scoznet	scozbook	1.1_beta	cpe:2.3:a:scoznet:scozbook:1.1_beta:::::::*

References

secunia.com/advisories/8476

securityreason.com/securityalert/3781

www.securityfocus.com/archive/1/316747/30/25280/threaded

www.securityfocus.com/bid/7235

www.securitytracker.com/id?1006413

exchange.xforce.ibmcloud.com/vulnerabilities/11658

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

Related for NVD:CVE-2003-1554

cve1 cvelist1 nessus1