CVE-2002-2192
published 2002-12-31CVE-2002-2192: Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.69%
88.3th percentile
Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| perception | liteserve | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting
exploitdb·2002-11-08
CVE-2002-2192 Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting
Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/6143/info
A cross site scripting vulnerability has been discovered in Perception LiteServe.
It has been reported that LiteServe fails to sanitize query strings from indexed folders. It is possible for an attacker to exploit this issue by constructing a malicious link, containing encoded HTML and script code.
When the malicious link is clicked by an unsuspecting user, the attacker-supplied HTML and script code will be executed by their web client.
Attacks of this nature may make it possible for attackers to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
http://liteserve.net/
Exploit-DB
Perception LiteServe 2.0.1 - DNS Wildcard Cross-Site Scripting
exploitdb·2002-11-08
CVE-2002-2192 Perception LiteServe 2.0.1 - DNS Wildcard Cross-Site Scripting
Perception LiteServe 2.0.1 - DNS Wildcard Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/6131/info
A cross site scripting vulnerability has been discovered in Perception LiteServe. It should be noted that this vulnerability is limited to server configurations with Wildcard DNS enabled.
It has been reported that LiteServe fails to sanitize requested hostnames when Wildcard DNS is used. This issue may allow an attacker to create a malicious link containing encoded HTML and script code in the requested hostname.
When the malicious link is clicked by an unsuspecting user, the attacker-supplied HTML and script code will be executed by their web client.
Attacks of this nature may make it possible for attackers to manipulate web content or to steal cookie-based authentic
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0063.htmlhttp://online.securityfocus.com/archive/1/298987http://www.iss.net/security_center/static/10561.phphttp://www.securityfocus.com/bid/6131http://www.securityfocus.com/bid/6143http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0063.htmlhttp://online.securityfocus.com/archive/1/298987http://www.iss.net/security_center/static/10561.phphttp://www.securityfocus.com/bid/6131http://www.securityfocus.com/bid/6143
2002-12-31
Published