VYPR

V/6

by Vignette

CVEs (3)

  • CVE-2003-0404Jun 30, 2003
    risk 0.03cvss epss 0.02

    Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.

  • CVE-2003-0398Jul 2, 2003
    risk 0.00cvss epss 0.03

    Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.

  • CVE-2003-0405Jun 30, 2003
    risk 0.00cvss epss 0.02

    Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.