Vulnerability Details : CVE-2003-0602
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2003-0602
Probability of exploitation activity in the next 30 days: 0.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2003-0602
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2003-0602
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653
- http://www.bugzilla.org/security/2.16.2/
-
http://www.securityfocus.com/bid/6868
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/6861
Patch;Vendor Advisory
Products affected by CVE-2003-0602
- cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*