Vulnerability Details : CVE-2002-1732
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2002-1732
- cpe:2.3:a:actinic:actinic_catalog:4.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-1732
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-1732
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2002-1732
-
http://www.osvdb.org/27095
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/8180
Actinic Catalog HTML tags cross-site scripting CVE-2002-1732 Vulnerability Report
-
http://www.attrition.org/pipermail/vim/2006-July/000929.html
[VIM] vendor ack/fix: Actinic Catalog Unspecified .pl Files XSS (fwd)
-
http://www.osvdb.org/27098
-
http://www.osvdb.org/27097
-
http://www.securityfocus.com/bid/4042
-
http://www.osvdb.org/27096
-
http://securitytracker.com/id?1003502
Jump to