CVE-2003-0615

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en parámetro "action" del formulario.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2003-07-30 CVE Reserved
2003-08-01 CVE Published
2024-02-08 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (18)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=105880349328877&w=2	Mailing List
http://marc.info/?l=bugtraq&m=106018783704468&w=2	Mailing List
http://marc.info/?l=full-disclosure&m=105875211018698&w=2	Mailing List
http://secunia.com/advisories/13638	Third Party Advisory
http://securitytracker.com/id?1007234	Vdb Entry
http://www.ciac.org/ciac/bulletins/n-155.shtml	Government Resource
http://www.kb.cert.org/vuls/id/246409	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/12669	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470	Signature

URL	Date	SRC

URL	Date	SRC
http://www.securityfocus.com/bid/8231	2018-05-03

URL	Date	SRC
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713	2018-05-03
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1	2018-05-03
http://www.debian.org/security/2003/dsa-371	2018-05-03
http://www.redhat.com/support/errata/RHSA-2003-256.html	2018-05-03
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084	2018-05-03
https://access.redhat.com/security/cve/CVE-2003-0615	2003-09-22
https://bugzilla.redhat.com/show_bug.cgi?id=1617059	2003-09-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.73 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.73"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.74 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.74"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.75 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.75"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.76 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.76"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.78 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.78"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.79 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.79"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.93 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.93"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.751 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.751"		-		Affected
Cgi.pm Search vendor "Cgi.pm"		Cgi.pm Search vendor "Cgi.pm" for product "Cgi.pm"				2.753 Search vendor "Cgi.pm" for product "Cgi.pm" and version "2.753"		-		Affected
Openpkg Search vendor "Openpkg"		Openpkg Search vendor "Openpkg" for product "Openpkg"				1.2 Search vendor "Openpkg" for product "Openpkg" and version "1.2"		-		Affected
Openpkg Search vendor "Openpkg"		Openpkg Search vendor "Openpkg" for product "Openpkg"				1.3 Search vendor "Openpkg" for product "Openpkg" and version "1.3"		-		Affected
Openpkg Search vendor "Openpkg"		Openpkg Search vendor "Openpkg" for product "Openpkg"				current Search vendor "Openpkg" for product "Openpkg" and version "current"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		alpha		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		arm		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		hppa		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ia-32		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ia-64		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		m68k		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		mips		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		mipsel		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ppc		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		s-390		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		sparc		Affected