CVE-2002-0205

Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=101189911121808&w=2
http://online.securityfocus.com/archive/82/248396	Vendor Advisory
http://www.iss.net/security_center/static/7817.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/3799

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:plumtree:plumtree_corporate_portal:3.5:::::::*
	cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0:::::::*
	cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0_sp1:::::::*
	cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i:::::::*
	cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i_sp1:::::::*
	cpe:2.3:a:plumtree:plumtree_corporate_portal:4.5:::::::*

History

No history.

Information

Published : 2002-05-16 04:00

Updated : 2016-10-18 02:17

NVD link : CVE-2002-0205

Mitre link : CVE-2002-0205

CVE.ORG link : CVE-2002-0205

JSON object : View

Products Affected

plumtree

plumtree_corporate_portal

CWE

NVD-CWE-Other

{"id": "CVE-2002-0205", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-05-16T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=101189911121808&w=2", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/82/248396", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/7817.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3799", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the \"Description\" parameter."}, {"lang": "es", "value": "La vulnerabilidad CSS (Cross-site scripting) en el fichero error.asp de Plumtree Corporate Portal versiones de la 3.5 a la 4.5, permite a atacantes remotos ejecutar c\u00f3digos arbitrarios en otros clientes mediante el par\u00e1metro \"\"Description\"\"."}], "lastModified": "2016-10-18T02:17:07.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plumtree:plumtree_corporate_portal:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C500AF9-2B35-490B-B804-7F05DF150D7A"}, {"criteria": "cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC5CDD20-DCDA-4595-9542-9BF69B3A685B"}, {"criteria": "cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0_sp1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DD8844-463D-4F12-B5F6-F704983E0E02"}, {"criteria": "cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B68BF3F0-2B97-433D-B5F5-805146D52E60"}, {"criteria": "cpe:2.3:a:plumtree:plumtree_corporate_portal:4.0i_sp1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACECEA85-8F42-4037-BEF7-639D0FF40B2F"}, {"criteria": "cpe:2.3:a:plumtree:plumtree_corporate_portal:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "593151E5-DD0B-435D-9C8F-95495146C8AB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}