CVE-2003-0063
published 2003-03-03

Priority: P429 high, 7.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 3.40% (87.4th percentile)
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Affected

20 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | terminology | < terminology 0.7.0-2 (bookworm) | terminology 0.7.0-2 (bookworm) |
| debian | xterm | < xterm 238-2 (bookworm) | xterm 238-2 (bookworm) |
| enlightenment | terminology | | |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| github.com | migueldeicaza_swiftterm | >= 0 < 1.2.0 | 1.2.0 |
| invisible-island | xterm | | |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |

CVSS provenance

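| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | | 7.3 | HIGH | |
| osv | | 7.3 | HIGH | |
| vendor_debian | | 7.3 | MEDIUM | |
| vendor_redhat | | 7.3 | HIGH | |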