CVE-2002-1315 Information

Description

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x up to SP11 allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

Reference

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html http://marc.info/?l=bugtraq&m=103772308030269&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1 http://www.iss.net/security_center/static/10692.php http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt http://www.securityfocus.com/bid/6202