{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-18T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "6000", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6000"}, {"name": "ibm-wte-html-xss(10453)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10453.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "6000", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6000"}, {"name": "ibm-wte-html-xss(10453)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10453.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1167", "datePublished": "2002-10-25T04:00:00", "dateReserved": "2002-09-27T00:00:00", "dateUpdated": "2003-03-18T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_caching_proxy_server:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "F5EFEB97-0E6F-4AFC-A9D6-F1E99FCAC242", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_caching_proxy_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "57F14A9A-C642-4DA7-AB89-C036F1FC3286", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request."}, {"lang": "es", "value": "Vulnerabilidad scripts en sitios cruzados en IBM Web Traffic Express Caching Proxy Server 3.6 y 3.x anteriores a 4.0.1.26 permite a atacantes remotos ejecutar c\u00f3digo como otros mediante una petici\u00f3n HTTP GET."}], "id": "CVE-2002-1167", "lastModified": "2008-09-10T19:13:59.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-11-04T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/10453.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6000"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}