PT-2002-2507 · Zeus · Zeus Web Server

Published

2002-12-31

Updated

2008-09-05

CVE-2002-1785

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Zeus Web Server versions 4.0 through 4.1r2

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via the section parameter to "index.fcgi" API endpoint.

Recommendations For Zeus Web Server versions 4.0 through 4.1r2, avoid using the section parameter in the "index.fcgi" API endpoint until a fix is available. Consider restricting access to the index.fcgi endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1785

Affected Products

Zeus Web Server

PT-2002-2507 · Zeus · Zeus Web Server

CVE-2002-1785

Related Identifiers

Affected Products

References · 7