Published: 31/12/2003 Updated: 05/09/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 up to and including 0.95zxv4 allows remote malicious users to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bajie java http server 0.95

source: wwwsecurityfocuscom/bid/8841/info Demonstration scripts and servlets that are distributed as part of Bajie HTTP Server have been reported prone to multiple cross-site scripting vulnerabilities It has been reported that a remote attacker may construct a malicious link containing script and HTML code to any one of the vulnerable d ...

CWE-79 http://www.securityfocus.com/archive/1/341452 http://www.securityfocus.com/bid/8841 http://secunia.com/advisories/10023 http://securityreason.com/securityalert/3306 http://www.geocities.com/gzhangx/websrv/docs/security.html https://nvd.nist.gov https://www.exploit-db.com/exploits/23257/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-1511

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect