CVE-2002-0166

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.

Published: Apr 22, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0166
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
stephen_turner / analog	5.01	5.01.x
stephen_turner / analog	4.90_beta2	4.90_beta2.x
stephen_turner / analog	5.2	5.2.x
stephen_turner / analog	4.91_beta1	4.91_beta1.x
stephen_turner / analog	5.02	5.02.x
stephen_turner / analog	3.90_beta1	3.90_beta1.x
stephen_turner / analog	4.04	4.04.x
stephen_turner / analog	4.16	4.16.x
stephen_turner / analog	5.03	5.03.x
stephen_turner / analog	3.90_beta2	3.90_beta2.x
stephen_turner / analog	4.1	4.1.x
stephen_turner / analog	4.15	4.15.x
stephen_turner / analog	4.02	4.02.x
stephen_turner / analog	4.90_beta4	4.90_beta4.x
stephen_turner / analog	4.14	4.14.x
stephen_turner / analog	5.1a	5.1a.x
stephen_turner / analog	4.11	4.11.x
stephen_turner / analog	4.03	4.03.x
stephen_turner / analog	5.0	5.0.x
stephen_turner / analog	4.90_beta3	4.90_beta3.x
stephen_turner / analog	4.01	4.01.x

Vulnerability Database

CVE-2002-0166