Description
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ramon Pinuaga Cascales · textremoteunix
https://www.exploit-db.com/exploits/22648
References (4)
Core 4
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/12071.php
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105406028027360&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7687
Vendor Advisory x_refsource_misc
http://www.s21sec.com/es/avisos/s21sec-023-en.txt
Scores
EPSS
0.0079
EPSS Percentile
74.1%
Details
Status
published
Products (7)
vignette/content_suite
5.0
vignette/content_suite
6.0
vignette/content_suite
7.0
vignette/storyserver
4.0
vignette/storyserver
4.1
vignette/storyserver
5.0
vignette/vignette
5.0
Published
Jun 30, 2003
Tracked Since
Feb 18, 2026