Vulnerability Description
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Websight Directory System | Websight Directory System | 0.1 |
References
- http://sourceforge.net/forum/forum.php?forum_id=163389
- http://www.iss.net/security_center/static/8624.phpPatch
- http://www.securityfocus.com/archive/1/263914
- http://www.securityfocus.com/bid/4357Patch
- http://sourceforge.net/forum/forum.php?forum_id=163389
- http://www.iss.net/security_center/static/8624.phpPatch
- http://www.securityfocus.com/archive/1/263914
- http://www.securityfocus.com/bid/4357Patch
FAQ
What is CVE-2002-0494?
CVE-2002-0494 is a vulnerability with a CVSS score of 7.5 (HIGH). Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission cont...
How severe is CVE-2002-0494?
CVE-2002-0494 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0494?
Check the references section above for vendor advisories and patch information. Affected products include: Websight Directory System Websight Directory System.