mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
124 lines
4.0 KiB
JSON
124 lines
4.0 KiB
JSON
{
|
|
"id": "CVE-2003-0602",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2003-08-27T04:00:00.000",
|
|
"lastModified": "2008-09-05T20:34:45.220",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "M\u00faltiples vulnerabildades de secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.16.x anteriores a 2.16.3, y 2.17.x anteriores a 2.17.4, permite a atacantes remotos insertar HTML arbitrario o script web mediante (2) m\u00faltiples plantillas HTML rusas y alemanas por defecto, o (2) atributos ALT y NAME en etiquetas AREA como las usadas en la caracter\u00edstica de generaci\u00f3n de gr\u00e1ficos GraphViz de gr\u00e1ficos de depencias locales."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 6.8
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": true,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F16D338E-C5BC-46E1-95DD-D9B0E25EE56E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19F19219-3AFD-4D8E-B02B-BFCBD1BC7C36"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B900D9A7-913A-4176-90CF-C7C3B09A4261"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9B2FC5C7-B218-4B87-9805-F90AC0E7A281"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BBCDA64F-C49A-4F5B-B285-4079D8E3A499"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "85ED3457-CC21-4DB3-931F-677F723E1B2A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.bugzilla.org/security/2.16.2/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/6861",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/6868",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |