Vulnerability Details : CVE-2002-0521
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2002-0521
- cpe:2.3:a:asp-nuke:asp-nuke:rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asp-nuke:asp-nuke:rc2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-0521
1.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-0521
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2002-0521
-
http://online.securityfocus.com/archive/82/266705
-
http://www.securityfocus.com/bid/4481
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/4477
-
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
-
http://www.iss.net/security_center/static/8830.php
Patch;Vendor Advisory
-
http://www.iss.net/security_center/static/8831.php
-
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Jump to