PT-2003-2458 · Caucho Technology · Resin

Published: 2003-12-31 · Updated: 2017-07-29 · CVE-2003-1513

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Caucho Technology Resin versions 2.0 through 2.1.2

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities in example scripts. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected scripts include env.jsp, form.jsp, session.jsp, tictactoe.jsp, and guestbook.jsp. Specifically, the vulnerabilities can be exploited through the move parameter to tictactoe.jsp, or the name or comment fields to guestbook.jsp.

Recommendations

For versions 2.0 through 2.1.2, consider disabling access to the example scripts, specifically env.jsp, form.jsp, session.jsp, tictactoe.jsp, and guestbook.jsp, until a patch is available. Restrict input to the move parameter in tictactoe.jsp and the name and comment fields in guestbook.jsp to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2003-1513

Affected Products

Resin