CVE-2003-0404 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2003-0404

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.

Affected Software

Name	Vendor	Start Version	End Version
Content_suite	Vignette	5.0 (including)	5.0 (including)
Content_suite	Vignette	6.0 (including)	6.0 (including)
Content_suite	Vignette	7.0 (including)	7.0 (including)
Storyserver	Vignette	4.0 (including)	4.0 (including)
Storyserver	Vignette	4.1 (including)	4.1 (including)
Storyserver	Vignette	5.0 (including)	5.0 (including)
Vignette	Vignette	5.0 (including)	5.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=105406028027360\u0026w=2
http://www.iss.net/security_center/static/12071.php
http://www.s21sec.com/es/avisos/s21sec-023-en.txt
http://www.securityfocus.com/bid/7687