1. CVE-Search
  2. CVE-2003-0615
ID CVE-2003-0615
Summary Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*
  • cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*
    cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*
  • cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2008-07-07T04:00:16.879-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nabil Ouchn
      organization Security-Database
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    description Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
    family unix
    id oval:org.mitre.oval:def:307
    status accepted
    submitted 2006-09-22T05:52:00.000-04:00
    title CGI.pm start_form Cross-Site Scripting Vulnerability
    version 37
  • accepted 2007-04-25T19:52:33.013-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
    family unix
    id oval:org.mitre.oval:def:470
    status accepted
    submitted 2003-09-25T12:00:00.000-04:00
    title CGI.pm Cross-site Scripting Vulnerability
    version 37
redhat via4
advisories
rhsa
id RHSA-2003:256
refmap via4
bid 8231
bugtraq
  • 20030720 CGI.pm vulnerable to Cross-site Scripting
  • 20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)
cert-vn VU#246409
ciac N-155
conectiva CLA-2003:713
debian DSA-371
fulldisc 20030720 CGI.pm vulnerable to Cross-site Scripting.
mandrake MDKSA-2003:084
sco CSSA-2003-SCO.30
sectrack 1007234
secunia 13638
sunalert 101426
xf cgi-startform-xss(12669)
Last major update 03-05-2018 - 01:29
Published 27-08-2003 - 04:00
Last modified 03-05-2018 - 01:29
Back to Top