CVE-2002-0955 - OpenCVE

Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Yabb	Yabb

Configuration 1 [-]

cpe:2.3:a:yabb:yabb:1_gold_sp_1:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html
http://www.iss.net/security_center/static/9408.php	Vendor Advisory
http://www.securityfocus.com/bid/5078	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-08-31T04:00:00

Updated: 2002-09-10T09:00:00

Reserved: 2002-08-16T00:00:00

Link: CVE-2002-0955

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-10-04T04:00:00.000

Modified: 2008-09-05T20:29:23.487

Link: CVE-2002-0955

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-09-10T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "yabb-invalid-thread-xss(9408)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9408.php"}, {"name": "20020621 [AP] YaBB Cross-Site Scripting vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html"}, {"name": "5078", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5078"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0955", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "yabb-invalid-thread-xss(9408)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9408.php"}, {"name": "20020621 [AP] YaBB Cross-Site Scripting vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html"}, {"name": "5078", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5078"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0955", "datePublished": "2002-08-31T04:00:00", "dateReserved": "2002-08-16T00:00:00", "dateUpdated": "2002-09-10T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}