CVE-2002-2378

Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.

Published : 2002-12-31 05:00 Updated : 2008-09-05 20:33

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Nakata An Httpd 1.41d cpe:/a:nakata:an_httpd:1.41d
  1. Nakata (1) Search CVE
    1. An Httpd (1) Search CVE
      1. 1.41d

CWE

ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2002-12-31 05:00

New CVE