V/5
by Vignette
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0400 | 0.03 | — | 0.04 | Jun 30, 2003 | Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in… | |||
| CVE-2003-0404 | 0.03 | — | 0.02 | Jun 30, 2003 | Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template. | |||
| CVE-2003-0399 | 0.00 | — | 0.02 | Jul 2, 2003 | Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template. | |||
| CVE-2003-0398 | 0.00 | — | 0.03 | Jul 2, 2003 | Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed. | |||
| CVE-2003-0401 | 0.00 | — | 0.02 | Jun 30, 2003 | Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template. | |||
| CVE-2003-0403 | 0.00 | — | 0.02 | Jun 30, 2003 | Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template. | |||
| CVE-2003-0402 | 0.00 | — | 0.02 | Jun 30, 2003 | The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks. |
- CVE-2003-0400Jun 30, 2003risk 0.03cvss —epss 0.04
Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in…
- CVE-2003-0404Jun 30, 2003risk 0.03cvss —epss 0.02
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
- CVE-2003-0399Jul 2, 2003risk 0.00cvss —epss 0.02
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.
- CVE-2003-0398Jul 2, 2003risk 0.00cvss —epss 0.03
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.
- CVE-2003-0401Jun 30, 2003risk 0.00cvss —epss 0.02
Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template.
- CVE-2003-0403Jun 30, 2003risk 0.00cvss —epss 0.02
Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template.
- CVE-2003-0402Jun 30, 2003risk 0.00cvss —epss 0.02
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks.