National Cyber-Alert System
Vulnerability Summary: CVE-2002-2151
Orirignal release date: 2002-12-31
Source: US-CERT/NIST

Overview

    Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.

Impact

    CVSS Severity: 4.7 (Medium)
    Range: remote
    Authentication: input
    Impact Type: conf,int

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Search97 (Verity)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2151