Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 21554
Publication date : 2002-06-13 22h00 +00:00
Author : Matthew Murphy
EDB Verified : Yes
source: https://www.securityfocus.com/bid/5025/info
Imatix Xitami is a webserver for Microsoft Windows operating systems.
It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages.
Xitami fails to check URLs for the presence of script commands when generating error pages returned from sample scripts that use Errors.gsl, allowing attacker supplied code to execute. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site.
http://www.<IMG%20SRC=""%20ONERROR="alert(document.cookie)">.target.com/error404
Products Mentioned
Configuraton 0
Imatix>>Xitami >> Version 2.5_b4
Imatix>>Xitami >> Version 2.5_b5
