Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Sambar
  • Sambar Server

Configuration 1 [-]

OR cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.0:beta5:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/9578 Patch
http://securitytracker.com/id?1007819 Patch
http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true Vendor Advisory
http://www.osvdb.org/5782 Exploit Patch
http://www.osvdb.org/5783 Exploit Patch
http://www.osvdb.org/5784 Exploit Patch
http://www.osvdb.org/5785 Exploit Patch
http://www.osvdb.org/5805 Exploit Patch
http://www.sambar.com/security.htm Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13305
https://exchange.xforce.ibmcloud.com/vulnerabilities/16056
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-22T02:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-11-22T00:00:00

Link: CVE-2003-1285

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2003-12-31T05:00:00.000

Modified: 2017-07-11T01:29:51.387

Link: CVE-2003-1285

JSON object: View

cve-icon Redhat Information

No data.

CWE