CVE-2002-2044 — MEDIUM (4.3)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Xqus	X-Stat	2.2

References

http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
http://securitytracker.com/id?1003827Exploit
http://www.ifrance.com/kitetoua/tuto/x_holes.txtVendor Advisory
http://www.iss.net/security_center/static/8468.php
http://www.securityfocus.com/bid/4281
http://seclists.org/lists/vuln-dev/2002/Mar/0156.html
http://securitytracker.com/id?1003827Exploit
http://www.ifrance.com/kitetoua/tuto/x_holes.txtVendor Advisory
http://www.iss.net/security_center/static/8468.php
http://www.securityfocus.com/bid/4281

FAQ

What is CVE-2002-2044?

CVE-2002-2044 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action.

How severe is CVE-2002-2044?

CVE-2002-2044 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-2044?

Check the references section above for vendor advisories and patch information. Affected products include: Xqus X-Stat.