Description
Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nomad Mobile Research Centre · text · remote · multiple
https://www.exploit-db.com/exploits/21444
References (3)
Core References
Patch, Vendor Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4717
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9053.php
Scores
EPSS
0.1640
EPSS Percentile
94.9%
Details
Status
published
Products (1)
critical_path/injoin_directory_server
4.0
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026