Vulnerability Details : CVE-2003-0404
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2003-0404
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2003-0404
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2003-0404
-
http://www.securityfocus.com/bid/7687
Exploit;Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=105406028027360&w=2
-
http://www.s21sec.com/es/avisos/s21sec-023-en.txt
Vendor Advisory
-
http://www.iss.net/security_center/static/12071.php
Vendor Advisory
Products affected by CVE-2003-0404
- cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*