Unrated severityNVD Advisory· Published Apr 22, 2002· Updated Apr 16, 2026
CVE-2002-0166
CVE-2002-0166
Description
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
Affected products
21cpe:2.3:a:stephen_turner:analog:3.90_beta1:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:stephen_turner:analog:3.90_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:3.90_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.01:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.02:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.03:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.11:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.14:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.15:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.16:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.90_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.90_beta3:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.90_beta4:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:4.91_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:5.1a:*:*:*:*:*:*:*
- cpe:2.3:a:stephen_turner:analog:5.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6News mentions
0No linked articles in our index yet.