PT-2002-1276 · Plumtree · Plumtree Corporate Portal

Published

2002-05-03

Updated

2016-10-18

CVE-2002-0205

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Plumtree Corporate Portal versions 3.5 through 4.5

Description A cross-site scripting issue in the error.asp file of Plumtree Corporate Portal allows remote attackers to execute arbitrary scripts on other clients. This is achieved via the Description parameter.

Recommendations For versions 3.5 through 4.5, avoid using the Description parameter in the error.asp file until a fix is available. As a temporary workaround, consider restricting access to the error.asp file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0205

Affected Products

Plumtree Corporate Portal

PT-2002-1276 · Plumtree · Plumtree Corporate Portal

CVE-2002-0205

Related Identifiers

Affected Products

References · 5