CVE-2001-0835

medium

Description

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7351

https://exchange.xforce.ibmcloud.com/vulnerabilities/7350

http://www.securityfocus.com/bid/3473

http://www.redhat.com/support/errata/RHSA-2001-141.html

http://www.redhat.com/support/errata/RHSA-2001-140.html

http://www.mrunix.net/webalizer/news.html

http://www.linuxsecurity.com/advisories/other_advisory-1677.html

http://marc.info/?l=bugtraq&m=100394630702875&w=2

http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html

Details

Source: Mitre, NVD

Published: 2001-12-06

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium