CVE-2001-1352

medium

Description

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7875

http://www.osvdb.org/5691

http://marc.info/?l=bugtraq&m=101068116016472&w=2

http://marc.info/?l=bugtraq&m=101060476404565&w=2

http://marc.info/?l=bugtraq&m=100947261916155&w=2

Details

Source: Mitre, NVD

Published: 2001-12-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01075