CVE: CVE-2003-0736 - CVE-Search

CVE Details for CVE: CVE-2003-0736

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.

Timestamps
Last major update	18-10-2016 - 02:37
Published	20-10-2003 - 04:00
Last modified	18-10-2016 - 02:37

References

Vulnerable Configurations

cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*
cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

6.8

Impact

6.4

Exploitability

8.6

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities 20030902 GLSA: phpwebsite (200309-03)
cert-vn	VU#664422