Cross-Site Scripting Vulnerabilities in Bonsai Mozilla CVS Query Tool by Mozilla
CVE-2003-0154

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bonsai
Vendor: CVE Published:; 2 April 2003

What is CVE-2003-0154?

The Bonsai Mozilla CVS Query Tool contains multiple cross-site scripting (XSS) vulnerabilities that can be exploited by remote attackers. Attackers may leverage these vulnerabilities by injecting malicious web scripts through parameters in various CGI scripts such as cvslog.cgi, cvsblame.cgi, cvsquery.cgi, and showcheckins.cgi. This can lead to unauthorized actions being executed in the context of the user’s session, compromising the web application's security and potentially exposing sensitive data.

References

http://bugzilla.mozilla.org/attachment.cgi?id=95985&actio...

x_refsource_CONFIRM

http://bugzilla.mozilla.org/attachment.cgi?id=95950&actio...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/5516

vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2003
Vulnerability Reserved
Mar 19, 2003