CVE-2002-1334

Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.

Published: Dec 11, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1334
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bizdesign / imagefolio	2.26	2.26.x
bizdesign / imagefolio	2.24	2.24.x
bizdesign / imagefolio	2.27	2.27.x
bizdesign / imagefolio	2.23	2.23.x
bizdesign / imagefolio	3.0.1	3.0.1.x

http://marc.info/?l=bugtraq&m=103842773205148&w=2
http://securitytracker.com/id?1005681
http://www.securityfocus.com/bid/6265
https://exchange.xforce.ibmcloud.com/vulnerabilities/10718

Vulnerability Database

CVE-2002-1334