6.8

CVE-2003-0154

Exploit

EPSS 13.33%
Published 02.04.2003 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Bonsai Version1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.33%	0.935

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.debian.org/security/2003/dsa-265

Patch

Vendor Advisory

http://marc.info/?l=bugtraq&m=102980129101054&w=2

http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view

http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view

http://bugzilla.mozilla.org/show_bug.cgi?id=146244

http://bugzilla.mozilla.org/show_bug.cgi?id=163573

http://www.iss.net/security_center/static/9920.php

http://www.securityfocus.com/bid/5516

Patch

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2003-0154

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0154

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0154

EUVD