CVE-2003-1136
Published 2003-10-23
Priority P4 | 18 | medium | 4.3 CVSS 2.0
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.00% (91.2th percentile)
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chi_kien_uong | chi_kien_uong_guestbook | — | — |
No detection rules found.
No writeups or analysis indexed.
CWE-83: Improper Neutralization of Script in Attributes in a Web Page (source: mitre_cwe)
The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Read Application Data, Execute Unauthorized Code or Commands.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentiall
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (source: mitre_cwe)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Read Application Data, Execute Unauthorized Code or Commands. An attacker could insert special characters that are processed client-side in the context of the user's session.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST),
References:
http://secunia.com/advisories/10080
http://securitytracker.com/id?1008006
http://www.osvdb.org/2718
http://www.securityfocus.com/archive/1/342475
http://www.securityfocus.com/bid/8895
http://www.securityfocus.com/bid/8896
https://exchange.xforce.ibmcloud.com/vulnerabilities/13522
https://exchange.xforce.ibmcloud.com/vulnerabilities/13523