CVE-2003-0404 | Vulnerability Database | Aqua Security

Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.

Affected Software

Name	Vendor	Start Version	End Version
Content_suite	Vignette	5.0 (including)	5.0 (including)
Content_suite	Vignette	6.0 (including)	6.0 (including)
Content_suite	Vignette	7.0 (including)	7.0 (including)
Storyserver	Vignette	4.0 (including)	4.0 (including)
Storyserver	Vignette	4.1 (including)	4.1 (including)
Storyserver	Vignette	5.0 (including)	5.0 (including)
Vignette	Vignette	5.0 (including)	5.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=105406028027360\u0026w=2
http://www.iss.net/security_center/static/12071.php
http://www.s21sec.com/es/avisos/s21sec-023-en.txt
http://www.securityfocus.com/bid/7687
http://marc.info/?l=bugtraq\u0026m=105406028027360\u0026w=2
http://www.iss.net/security_center/static/12071.php
http://www.s21sec.com/es/avisos/s21sec-023-en.txt
http://www.securityfocus.com/bid/7687

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0404
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html