CVE-2002-1965
CVE-2002-1965 is a medium-severity vulnerability in Imatix Xitami with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 2% (75th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Imatix Xitami
- Published:
- Last modified:
Description
Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.
Frequently asked questions
- What is CVE-2002-1965?
- Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.
- How severe is CVE-2002-1965?
- CVE-2002-1965 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2002-1965 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (75th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2002-1965?
- CVE-2002-1965 primarily affects Imatix Xitami. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2002-1965?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2002-1965 published?
- CVE-2002-1965 was published on 2002-12-31 and last updated on 2026-06-16.
References
- http://online.securityfocus.com/archive/1/277058
- http://online.securityfocus.com/archive/1/279269
- http://www.securityfocus.com/bid/5025
Affected products (2)
- cpe:2.3:a:imatix:xitami:2.5_b4:*:*:*:*:*:*:*
- cpe:2.3:a:imatix:xitami:2.5_b5:*:*:*:*:*:*:*
More vulnerabilities in Imatix Xitami
- CVE-2008-6520 — Critical (CVSS 10.0): Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow…
- CVE-2008-6519 — Critical (CVSS 10.0): Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote…
- CVE-2007-5067 — High (CVSS 7.5): Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long…
- CVE-2002-1942 — Medium (CVSS 5.0): Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early,…
- CVE-2001-0391 — Medium (CVSS 5.0): Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
- CVE-2000-1225 — Medium (CVSS 5.0): Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain…