CVE-2003-0287
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
Vulnerabilidad de secuencias de comandos en sitios cruzados en Movable Type anterior a la 2.6 (y posiblemente otras versiones, incluida la 2.63), permite que atacantes remotos inserten script web arbitrario o HTML mediante el campo Name, posiblemente cuando la opción "Allow HTML in comments?" está habilitada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-05-13 CVE Reserved
- 2003-05-14 CVE Published
- 2024-03-11 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105276879622636&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=105277690132079&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=105284589927655&w=2 | Mailing List | |
| http://www.securityfocus.com/bid/7560 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12003 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Six Apart Search vendor "Six Apart" | Movable Type Search vendor "Six Apart" for product "Movable Type" | <= 2.6 Search vendor "Six Apart" for product "Movable Type" and version " <= 2.6" | - |
Affected
| ||||||
| Six Apart Search vendor "Six Apart" | Movable Type Search vendor "Six Apart" for product "Movable Type" | 2.63 Search vendor "Six Apart" for product "Movable Type" and version "2.63" | - |
Affected
| ||||||