Vulnerability Details

ID: CVE-2002-2115

Last Modified: Sept. 5, 2008

Open in new window

Description

Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML.

CVSS V2

Access Vector: Network

Access Complexity: Medium

Authentication: None

Confidentiality Impact: None

Integrity Impact: Partial

Availability Impact: None

Base Score: 4.3

Exploitability Score: 8.6

Impact Score: 2.9

CVSS V2: AV:N/AC:M/Au:N/C:N/I:P/A:N

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:hns:hns-lite:0.8:::::::* Part: a Product: hns-lite Vendor: hns Version: 0.8	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns-lite:0.6:::::::* Part: a Product: hns-lite Vendor: hns Version: 0.6	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns:2.00_pl3:::::::* Part: a Product: hns Vendor: hns Version: 2.00_pl3	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns:2.00_pl0:::::::* Part: a Product: hns Vendor: hns Version: 2.00_pl0	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns-lite:0.7:::::::* Part: a Product: hns-lite Vendor: hns Version: 0.7	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns:2.00_pl2:::::::* Part: a Product: hns Vendor: hns Version: 2.00_pl2	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns:2.10_pl1:::::::* Part: a Product: hns Vendor: hns Version: 2.10_pl1	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns:2.00_pl1:::::::* Part: a Product: hns Vendor: hns Version: 2.00_pl1	Alle Schwachstellen für hns
	cpe:2.3:a:hns:hns:2.00_pl4:::::::* Part: a Product: hns Vendor: hns Version: 2.00_pl4	Alle Schwachstellen für hns

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:hns:hns-lite:0.8:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns-lite:0.6:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns:2.00_pl3:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns:2.00_pl0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns-lite:0.7:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns:2.00_pl2:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns:2.10_pl1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns:2.00_pl1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:hns:hns:2.00_pl4:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>