CVE-2002-1683 – Working Resources BadBlue 1.7.3 - 'cleanSearchString()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1683
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
• https://www.exploit-db.com/exploits/21599
• http://online.securityfocus.com/archive/1/281141
• http://www.securityfocus.com/bid/5179
• https://exchange.xforce.ibmcloud.com/vulnerabilities/9514
CVE-2002-1023 – Working Resources BadBlue 1.7.3 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2002-1023
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.
• https://www.exploit-db.com/exploits/21600
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0082.html
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
• http://www.iss.net/security_center/static/9528.php
• http://www.securityfocus.com/bid/5187
CVE-2002-1021 – Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
https://notcve.org/view.php?id=CVE-2002-1021
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
• https://www.exploit-db.com/exploits/21616
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
• http://www.iss.net/security_center/static/9557.php
• http://www.securityfocus.com/bid/5226
CVE-2002-1022
https://notcve.org/view.php?id=CVE-2002-1022
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
• http://www.iss.net/security_center/static/9558.php
• http://www.securityfocus.com/bid/5228
CVE-2002-0800
https://notcve.org/view.php?id=CVE-2002-0800
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
• http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html
• http://www.iss.net/security_center/static/9239.php
• http://www.securityfocus.com/bid/4912