CVE-2002-1315 — Cross-site Scripting in WEB Server

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.9%

top 16.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Iplanet WEB Server

Timeline

PublishedNov 29

Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDiplanet/iplanet_web_server12 versions+11

🔴Vulnerability Details

GHSA

GHSA-6j9f-c956-rhqf: Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4↗2022-04-30

▶

CVEList

CVE-2002-1315: Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4↗2002-11-21

▶