Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0154

4 documents4 sources
Severity
6.8MEDIUM
EPSS
13.3%
top 5.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mozilla Bonsai
Timeline
PublishedApr 2
Latest updateApr 29

Description

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.debian.orgPatch: www.securityfocus.comPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-jxf4-6hgg-qvgr: Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, r2022-04-29
CVEList
CVE-2003-0154: Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, r2003-03-26

💥Exploits & PoCs

1
Exploit-DB
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities2002-08-20
CVE-2003-0154 (MEDIUM CVSS 6.8) | Cross-site scripting vulnerabilitie | cvebase.io