Vulnerability Description
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deepmetrix | Livestats | 6.2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0207.html
- http://www.deepmetrix.com/log_analyzer/xsp/service/release_notes/index.asp
- http://www.iss.net/security_center/static/9390.phpVendor Advisory
- http://www.securityfocus.com/bid/5047Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0207.html
- http://www.deepmetrix.com/log_analyzer/xsp/service/release_notes/index.asp
- http://www.iss.net/security_center/static/9390.phpVendor Advisory
- http://www.securityfocus.com/bid/5047Vendor Advisory
FAQ
What is CVE-2002-0944?
CVE-2002-0944 is a vulnerability with a CVSS score of 7.5 (HIGH). Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which ar...
How severe is CVE-2002-0944?
CVE-2002-0944 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0944?
Check the references section above for vendor advisories and patch information. Affected products include: Deepmetrix Livestats.