Arbitrary HTML and Script Injection in Vignette StoryServer and V/5

Arbitrary HTML and Script Injection in Vignette StoryServer and V/5

CVE-2003-0404 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.

Learn more about our Cis Benchmark Audit For Server Software.