PT-2002-1276 · Plumtree · Plumtree Corporate Portal

Publicado

2002-05-03

Atualizado

2016-10-18

CVE-2002-0205

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Plumtree Corporate Portal versions 3.5 through 4.5

Description A cross-site scripting issue in the error.asp file of Plumtree Corporate Portal allows remote attackers to execute arbitrary scripts on other clients. This is achieved via the Description parameter.

Recommendations For versions 3.5 through 4.5, avoid using the Description parameter in the error.asp file until a fix is available. As a temporary workaround, consider restricting access to the error.asp file to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-0205

Produtos afetados

Plumtree Corporate Portal

PT-2002-1276 · Plumtree · Plumtree Corporate Portal

CVE-2002-0205

Identificadores relacionados

Produtos afetados

Referências · 5