Vulnerability Details

ID: CVE-2003-0523

HPI
BUGTRAQ

Last Modified: Oct. 18, 2016

Open in new window

Description

Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter.

CVSS V2

Access Vector: Network

Access Complexity: Medium

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 6.8

Exploitability Score: 8.6

Impact Score: 6.4

CVSS V2: AV:N/AC:M/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:early_impact:productcart:1.5003r:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.5003r	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6002:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6002	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6b001:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6b001	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6br001:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6br001	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6b003:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6b003	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.5:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.5	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.5004:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.5004	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.5002:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.5002	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:2br000:::::::* Part: a Product: productcart Vendor: early_impact Version: 2br000	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.5003:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.5003	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6br:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6br	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6br003:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6br003	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6003:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6003	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6b:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6b	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:2:::::::* Part: a Product: productcart Vendor: early_impact Version: 2	Alle Schwachstellen für early_impact
	cpe:2.3:a:early_impact:productcart:1.6b002:::::::* Part: a Product: productcart Vendor: early_impact Version: 1.6b002	Alle Schwachstellen für early_impact

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:2br000:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>