Detections
Analytics

CVE-2003-1554

medium

Description

Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11658

http://www.securityfocus.com/bid/7235

http://www.securityfocus.com/archive/1/316747/30/25280/threaded

http://securityreason.com/securityalert/3781

http://secunia.com/advisories/8476

Details

Source: Mitre, NVD

Published: 2003-12-31

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium