Description
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by euronymous · textremotecgi
https://www.exploit-db.com/exploits/22000
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10567.php
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-11/0104.html
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/302961
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6144
Scores
EPSS
0.0033
EPSS Percentile
56.1%
Details
Status
published
Products (6)
zeus_technologies/zeus_web_server
4.0
zeus_technologies/zeus_web_server
4.1
zeus_technologies/zeus_web_server
4.1_r1
zeus_technologies/zeus_web_server
4.1_r2
zeus_technologies/zeus_web_server
4.1_r3
zeus_technologies/zeus_web_server
4.1_r4
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026