NVD Vulnerability Detail

CVE-2003-1285

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
Publication Date	Dec. 31, 2003, 2 p.m.
Registration Date	Jan. 29, 2021, 6:02 p.m.
Last Update	July 11, 2017, 10:29 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sambar:sambar_server:5.0:::::::*
cpe:2.3:a:sambar:sambar_server:5.0:beta1::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta2::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta3::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta4::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta5::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta6::::::
cpe:2.3:a:sambar:sambar_server:5.1:::::::*
cpe:2.3:a:sambar:sambar_server:5.1:beta1::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta2::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta3::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta4::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta5::::::
cpe:2.3:a:sambar:sambar_server:5.2:::::::*
cpe:2.3:a:sambar:sambar_server:5.3:::::::*
cpe:2.3:a:sambar:sambar_server:6.0:beta1::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta2::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta3::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta4::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta5::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/9578	SECUNIA	Patch
2	http://securitytracker.com/id?1007819	SECTRACK	Patch
3	http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true	IDEFENSE	Vendor Advisory
4	http://www.osvdb.org/5782	OSVDB	Exploit Patch
5	http://www.osvdb.org/5783	OSVDB	Exploit Patch
6	http://www.osvdb.org/5784	OSVDB	Exploit Patch
7	http://www.osvdb.org/5785	OSVDB	Exploit Patch
8	http://www.osvdb.org/5805	OSVDB	Exploit Patch
9	http://www.sambar.com/security.htm	CONFIRM	Vendor Advisory
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/13305	XF
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/16056	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sambar:sambar_server:5.0:::::::*
cpe:2.3:a:sambar:sambar_server:5.0:beta1::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta2::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta3::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta4::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta5::::::
cpe:2.3:a:sambar:sambar_server:5.0:beta6::::::
cpe:2.3:a:sambar:sambar_server:5.1:::::::*
cpe:2.3:a:sambar:sambar_server:5.1:beta1::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta2::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta3::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta4::::::
cpe:2.3:a:sambar:sambar_server:5.1:beta5::::::
cpe:2.3:a:sambar:sambar_server:5.2:::::::*
cpe:2.3:a:sambar:sambar_server:5.3:::::::*
cpe:2.3:a:sambar:sambar_server:6.0:beta1::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta2::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta3::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta4::::::
cpe:2.3:a:sambar:sambar_server:6.0:beta5::::::