CVE-2002-1334
Published 2002-12-11
CVE-2002-1334: Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via…
Priority P4 · 22 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.69% (90.7th percentile)
Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bizdesign | imagefolio | — | — |
| bizdesign | imagefolio | — | — |
| bizdesign | imagefolio | — | — |
| bizdesign | imagefolio | — | — |
| bizdesign | imagefolio | — | — |
No detection rules found.
Exploit-DB
BizDesign ImageFolio 2.x/3.0.1 - 'imageFolio.cgi?direct' Cross-Site Scripting
exploitdb·2002-11-27
---
source: https://www.securityfocus.com/bid/6265/info
Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio.
As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla.
This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
/cgi-bin/imageFolio.cgi?direct=alert("SecurityHole")
Exploit-DB
BizDesign ImageFolio 2.x/3.0.1 - 'nph-build.cgi' Cross-Site Scripting
exploitdb·2002-11-27
---
source: https://www.securityfocus.com/bid/6265/info
Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio.
As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla.
This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
/cgi-bin/if/admin/nph-build.cgi?step=alert("SecurityHole")
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=103842773205148&w=2
http://securitytracker.com/id?1005681
http://www.securityfocus.com/bid/6265
https://exchange.xforce.ibmcloud.com/vulnerabilities/10718
Published: 2002-12-11