Vulnerabilities > CVE-2003-0980 - Cross-Site Scripting vulnerability in Freescripts Visitorbook LE

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

freescripts

NVD

Published: 2004-01-05

Updated: 2016-10-18

Summary

Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.

Vulnerable Configurations

Part	Description	Count
Application	Freescripts Freescripts Visitorbook Le	1

References

http://marc.info/?l=bugtraq&m=107107840622493&w=2
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt