Executive Summary

Information
Name: CVE-2002-0230
First vendor Publication: 2002-05-16
Vendor: Cve
Last vendor Modification: 2016-10-18

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0230

CPE : Common Platform Enumeration

Type Description Count
Application 1

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 109-1 (faqomatic)
File : nvt/deb_109_1.nasl
2005-11-03 Name : Various dangerous cgi scripts
File : nvt/dangerous_cgis.nasl
2005-11-03 Name : Faq-O-Matic fom.cgi XSS
File : nvt/faq_o_matic_xss.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
8661 Faq-O-Matic fom.cgi cmd Parameter Error Message XSS

Faq-O-Matic contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'cmd' variables upon submission to the 'fom.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Faq-O-Matic fom.cgi access
RuleID : 2208-community - Revision : 17 - Type : SERVER-WEBAPP
2014-01-10 Faq-O-Matic fom.cgi access
RuleID : 2208 - Revision : 17 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2004-10-21 Name : A web CGI is vulnerable to cross-site scripting attacks.
File : faq_o_matic_xss.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-109.nasl - Type : ACT_GATHER_INFO
2003-06-17 Name : The remote web server may contain some dangerous CGI scripts.
File : dangerous_cgis.nasl - Type : ACT_ATTACK

Sources (Detail)

Source Url
BUGTRAQ http://marc.info/?l=bugtraq&m=101285834018701&w=2
http://marc.info/?l=bugtraq&m=101293973111873&w=2
CONFIRM http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
DEBIAN http://www.debian.org/security/2002/dsa-109

Alert History

Date Information
2021-05-04 12:01:38
  • Multiple Updates
2021-04-22 01:01:46
  • Multiple Updates
2020-05-23 00:14:55
  • Multiple Updates
2016-10-18 12:00:59
  • Multiple Updates
2014-02-17 10:24:33
  • Multiple Updates
2014-01-19 21:21:38
  • Multiple Updates
2013-05-11 12:08:41
  • Multiple Updates