CVE-2003-1513

Description

Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.

Affected products

• caucho_technology / resin2.0 – 2.0
• caucho_technology / resin2.1.1 – 2.1.1
• caucho_technology / resin2.1.2 – 2.1.2
• caucho_technology / resin2.1.12 – 2.1.12

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/10031
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/13460
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html
• MISChttp://www.securityfocus.com/bid/8852