CVE-2002-1493

UNKNOWN

Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag

Published Sep 1, 2004

Modified 1 years ago

No fix available

Details

Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.

References

WEBhttp://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html WEBhttp://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html WEBhttp://www.securityfocus.com/bid/5728 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/12235 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2002-1493

CVSS Analysis

CVSS v2.0

4.3

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

PartialI:P

Availability

NoneA:N

4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N

Ecosystems

Timeline

PublishedSep 1, 2004

ModifiedAug 8, 2024