CVE-2004-0347

Current Description

Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.

Basic Data

PublishedNovember 23, 2004
Last ModifiedOctober 10, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.0
SeverityMEDIUM
Exploitability Score6.8
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareNetscreenNetscreen-sa 5000 Series********

Vulnerable Software List

VendorProductVersions
Netscreen Netscreen-sa 5000 Series *

References

NameSourceURLTags
20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliancehttp://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018120.htmlFULLDISC
20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliancehttp://marc.info/?l=bugtraq&m=107826362024112&w=2BUGTRAQ
20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPNhttp://marc.info/?l=bugtraq&m=107850564102190&w=2BUGTRAQ
VU#114070http://www.kb.cert.org/vuls/id/114070CERT-VNUS Government Resource
9791http://www.securityfocus.com/bid/9791BIDPATCH
netscreen-delhomepagecgi-xss(15368)https://exchange.xforce.ibmcloud.com/vulnerabilities/15368XF