CVE-2003-0154

Current Description

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Basic Data

Published: April 02, 2003
Last Modified: October 18, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mozilla | Bonsai | 1.3 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Mozilla | Bonsai | 1.3

References

Name | URL | Source | Tags
http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view | http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view | CONFIRM |
http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view | http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view | CONFIRM |
http://bugzilla.mozilla.org/show_bug.cgi?id=146244 | http://bugzilla.mozilla.org/show_bug.cgi?id=146244 | MISC |
http://bugzilla.mozilla.org/show_bug.cgi?id=163573 | http://bugzilla.mozilla.org/show_bug.cgi?id=163573 | CONFIRM |
20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities | http://marc.info/?l=bugtraq&m=102980129101054&w=2 | BUGTRAQ |
DSA-265 | http://www.debian.org/security/2003/dsa-265 | DEBIAN | PATCH, Vendor Advisory
bonsai-error-message-xss(9920) | http://www.iss.net/security_center/static/9920.php | XF |
5516 | http://www.securityfocus.com/bid/5516 | BID | Exploit, PATCH, Vendor Advisory