Cross-Site Scripting Vulnerability in Cobalt RAQ 4 by Cobalt Networks
CVE-2002-0346

Currently unrated

Key Information:

Vendor
Oracle
Status
Cobalt Raq 3i
Cobalt Raq 2
Cobalt Raq 4
Vendor
CVE Published:
25 June 2002

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The vulnerability allows remote attackers to inject arbitrary scripts into web pages viewed by Cobalt RAQ 4 users. By exploiting this flaw, attackers can leverage crafted URLs to execute malicious JavaScript code through the affected service scripts (service.cgi and alert.cgi). This unauthorized script execution poses a significant risk as it can lead to unauthorized access to user sessions or sensitive information.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2002-0346
Created by alt3kx

References

http://www.iss.net/security_center/static/8321.php
vdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=101495944202452&w=2
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/4211
vdb-entryx_refsource_BID

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2002-0346 : Cross-Site Scripting Vulnerability in Cobalt RAQ 4 by Cobalt Networks | SecurityVulnerability.io