Vulnerabilities > CVE-2002-0494 - Cross-Site Scripting vulnerability in Websight Directory System Websight Directory System 0.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

websight-directory-system

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name. This vulnerability is addressed in the following product release: WebSight Directory System, WebSight Directory System, 0.1.1

Vulnerable Configurations

Part	Description	Count
Application	Websight_Directory_System Websight Directory System Websight Directory System 0.1	1

References

http://sourceforge.net/forum/forum.php?forum_id=163389
http://www.iss.net/security_center/static/8624.php
http://www.securityfocus.com/archive/1/263914
http://www.securityfocus.com/bid/4357