Vulnerability Description
Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aol | Instant Messenger | 4.5 |
References
- http://online.securityfocus.com/archive/1/282443
- http://www.iss.net/security_center/static/9616.php
- http://www.mindflip.org/aim.htmlExploit
- http://www.securityfocus.com/bid/5246ExploitPatch
- http://online.securityfocus.com/archive/1/282443
- http://www.iss.net/security_center/static/9616.php
- http://www.mindflip.org/aim.htmlExploit
- http://www.securityfocus.com/bid/5246ExploitPatch
FAQ
What is CVE-2002-2169?
CVE-2002-2169 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user...
How severe is CVE-2002-2169?
CVE-2002-2169 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2169?
Check the references section above for vendor advisories and patch information. Affected products include: Aol Instant Messenger.