Vulnerabilities > CVE-2002-1315 - Cross-Site Scripting vulnerability in iPlanet Admin Server

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

iplanet

NVD

Published: 2002-11-29

Updated: 2016-10-18

Summary

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

Vulnerable Configurations

Part	Description	Count
Application	Iplanet Iplanet Iplanet WEB Server 4.1 Iplanet Iplanet WEB Server 4.1_Sp1 Iplanet Iplanet WEB Server 4.1_Sp2 Iplanet Iplanet WEB Server 4.1_Sp3 Iplanet Iplanet WEB Server 4.1_Sp4 Iplanet Iplanet WEB Server 4.1_Sp5 Iplanet Iplanet WEB Server 4.1_Sp6 Iplanet Iplanet WEB Server 4.1_Sp7 Iplanet Iplanet WEB Server 4.1_Sp8 Iplanet Iplanet WEB Server 4.1_Sp9 Iplanet Iplanet WEB Server 4.1_Sp10 Iplanet Iplanet WEB Server 4.1_Sp11	12

Summary

Vulnerable Configurations

References