fkie_cve-2003-0615
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
cve@mitre.orghttp://marc.info/?l=bugtraq&m=105880349328877&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=106018783704468&w=2
cve@mitre.orghttp://marc.info/?l=full-disclosure&m=105875211018698&w=2
cve@mitre.orghttp://secunia.com/advisories/13638
cve@mitre.orghttp://securitytracker.com/id?1007234
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/n-155.shtml
cve@mitre.orghttp://www.debian.org/security/2003/dsa-371
cve@mitre.orghttp://www.kb.cert.org/vuls/id/246409US Government Resource
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-256.html
cve@mitre.orghttp://www.securityfocus.com/bid/8231Patch, Vendor Advisory
cve@mitre.orghttp://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/12669
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=105880349328877&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=106018783704468&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=full-disclosure&m=105875211018698&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13638
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1007234
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/n-155.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-371
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/246409US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-256.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/8231Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/12669
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470
Impacted products
Vendor Product Version
cgi.pm cgi.pm 2.73
cgi.pm cgi.pm 2.74
cgi.pm cgi.pm 2.75
cgi.pm cgi.pm 2.76
cgi.pm cgi.pm 2.78
cgi.pm cgi.pm 2.79
cgi.pm cgi.pm 2.93
cgi.pm cgi.pm 2.751
cgi.pm cgi.pm 2.753
openpkg openpkg 1.2
openpkg openpkg 1.3
openpkg openpkg current
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "0621A90A-5B7E-4B6C-A55E-DCFB26C833C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "39FCDC55-8C02-425D-B314-AFA337D6787E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D431DA-E195-4FBC-8746-47352131FD2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2D3333-7A7E-416A-A540-49CB65ED1E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B0873-8430-4331-8059-C4A21DF6C969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE0ECE1B-36BB-4523-8DAD-0404E1D48A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "F213FC8F-1F7C-4A6A-AC6B-7F644E614AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DEDBBEF-303E-4827-8E3C-462C03F9F4F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EAD58C1-FE0F-4BBC-8472-98DFF7191D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ADD463-E918-4F4D-9FA7-D109EBC98BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
              "matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
              "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
              "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
              "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
              "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
              "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
              "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
              "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
              "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en par\u00e1metro \"action\" del formulario."
    }
  ],
  "id": "CVE-2003-0615",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-08-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13638"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1007234"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/246409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1007234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/246409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.