CVE-2003-1511

Bajie Java HTTP Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Oliver Karow · textremotemultiple

https://www.exploit-db.com/exploits/23257

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/10023

[Exploit] http://securityreason.com/securityalert/3306

[Exploit] http://www.securityfocus.com/archive/1/341452

[Exploit, Patch] http://www.securityfocus.com/bid/8841

[Various Sources] http://www.geocities.com/gzhangx/websrv/docs/security.html

Scores

EPSS 0.0057

EPSS Percentile 68.1%

Classification

CWE

CWE-79

Status draft

Affected Products (6)

bajie/java_http_server

bajie/java_http_server

bajie/java_http_server

bajie/java_http_server

bajie/java_http_server

bajie/java_http_server

Timeline

Published Dec 31, 2003

Tracked Since Feb 18, 2026