CVE-2003-0154

Severity

68%

Complexity

86%

Confidentiality

106%

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 21 years ago

2003-04-02 05:00:00

Last updated 8 years ago

2016-10-18 02:30:00

Affected Software

Mozilla Bonsai 1.3

1.3

References

http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view

http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view

http://bugzilla.mozilla.org/show_bug.cgi?id=146244

http://bugzilla.mozilla.org/show_bug.cgi?id=163573

20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities

DSA-265

Patch, Vendor Advisory

bonsai-error-message-xss(9920)

5516

Exploit, Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.