{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-12-04T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20011204 NMRC Advisory - Multiple Valicert Problems", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"name": "eva-admin-script-injection(7650)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"name": "3619", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3619"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0948", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20011204 NMRC Advisory - Multiple Valicert Problems", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"name": "eva-admin-script-injection(7650)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650"}, {"name": "http://www.valicert.com/support/security_advisory_eva.html", "refsource": "CONFIRM", "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"name": "3619", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3619"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:37:06.779Z"}, "title": "CVE Program Container", "references": [{"name": "20011204 NMRC Advisory - Multiple Valicert Problems", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"name": "eva-admin-script-injection(7650)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"name": "3619", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3619"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0948", "datePublished": "2002-02-02T05:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2024-08-08T04:37:06.779Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0325EEE5-AD5F-4262-A379-C6F4A8F6B4DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DC9EDA8D-1427-4FFB-B6E5-44296B945F1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "847A5CCA-A8A1-4B07-B60F-69E0E56E9384", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "27251C41-296E-4635-9727-37D661080994", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "474EF0B1-2D23-4149-A47B-F928DDB1F570", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "D1DA047B-69A6-41D2-B98E-9753813F325F", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "5DB971CB-596A-4A53-A801-6934A64010E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "473714FE-2743-4144-8A02-29E5981A26D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E49EE460-3930-45ED-B5C3-E7C72CECE122", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8147DB94-C5FA-45FA-A601-3FF4D2F6C93E", "vulnerable": true}, {"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2FBC1CB-22E4-4C67-9EE5-547EA6B1673E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed."}], "id": "CVE-2001-0948", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-04T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3619"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory", "URL Repurposed"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "URL Repurposed"], "url": "http://www.valicert.com/support/security_advisory_eva.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}