National Cyber-Alert System

Vulnerability Summary for CVE-2003-0615

Overview

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#246409

Name: VU#246409

Hyperlink:http://www.kb.cert.org/vuls/id/246409

External Source: BID

Name: 8231

Type: Advisory; Patch Information

Hyperlink:http://www.securityfocus.com/bid/8231

External Source: BUGTRAQ

Name: 20030720 CGI.pm vulnerable to Cross-site Scripting

Type: Advisory; Patch Information

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2

External Source: XF

Name: cgi-startform-xss(12669)

Hyperlink:http://xforce.iss.net/xforce/xfdb/12669

External Source: REDHAT

Name: RHSA-2003:256

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-256.html

External Source: DEBIAN

Name: DSA-371

Hyperlink:http://www.debian.org/security/2003/dsa-371

External Source: MANDRAKE

Name: MDKSA-2003:084

Hyperlink:http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084

External Source: CIAC

Name: N-155

Hyperlink:http://www.ciac.org/ciac/bulletins/n-155.shtml

External Source: SUNALERT

Name: 101426

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1

External Source: SECTRACK

Name: 1007234

Hyperlink:http://securitytracker.com/id?1007234

External Source: SECUNIA

Name: 13638

Hyperlink:http://secunia.com/advisories/13638

External Source: FULLDISC

Name: 20030720 CGI.pm vulnerable to Cross-site Scripting.

Hyperlink:http://marc.theaimsgroup.com/?l=full-disclosure&m=105875211018698&w=2

External Source: BUGTRAQ

Name: 20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106018783704468&w=2

External Source: CONECTIVA

Name: CLA-2003:713

Hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713

US Government Resource: oval:org.mitre.oval:def:470

Name: oval:org.mitre.oval:def:470

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:470

US Government Resource: oval:org.mitre.oval:def:307

Name: oval:org.mitre.oval:def:307

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:307