exploitDog

CVE-2001-1157

Опубликовано: 12 авг. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.

Ссылки

http://www.securityfocus.com/archive/1/203821
Vendor Advisory
http://www.securityfocus.com/bid/3172
Vendor Advisory
http://www.securityfocus.com/bid/3173
Vendor Advisory
http://www.securityfocus.com/archive/1/203821
Vendor Advisory
http://www.securityfocus.com/bid/3172
Vendor Advisory
http://www.securityfocus.com/bid/3173
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:baltimore_technologies:websweeper:4.0:*:*:*:*:*:*:*

cpe:2.3:o:baltimore_technologies:websweeper:4.02:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00415

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-jfq5-58cv-4455

github

больше 3 лет назад

Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.

EPSS

Процентиль: 61%

0.00415

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other