{"api_version":"1","generated_at":"2026-04-24T13:52:49+00:00","cve":"CVE-2002-1651","urls":{"html":"https://cve.report/CVE-2002-1651","api":"https://cve.report/api/cve/CVE-2002-1651.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-1651","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-1651"},"summary":{"title":"CVE-2002-1651","description":"Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/9441","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/9441","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/5102","name":"http://www.securityfocus.com/bid/5102","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Verity Search97 Error Page Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.kb.cert.org/vuls/id/636431","name":"http://www.kb.cert.org/vuls/id/636431","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","US Government Resource"],"title":"CERT/CC Vulnerability Note VU#636431","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-1651","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-1651","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"1651","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"verity","cpe5":"search97","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:34:55.825Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"5102","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/5102"},{"name":"VU#636431","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/636431"},{"name":"verity-search97-xss(9441)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/9441"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2002-03-19T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"5102","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/5102"},{"name":"VU#636431","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/636431"},{"name":"verity-search97-xss(9441)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/9441"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-1651","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"5102","refsource":"BID","url":"http://www.securityfocus.com/bid/5102"},{"name":"VU#636431","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/636431"},{"name":"verity-search97-xss(9441)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/9441"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-1651","datePublished":"2005-03-28T05:00:00.000Z","dateReserved":"2005-03-29T00:00:00.000Z","dateUpdated":"2024-08-08T03:34:55.825Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:verity:search97:2.1:*:*:*:*:*:*:*","matchCriteriaId":"1F125BDD-6E32-4AA1-8B04-164B8F236B40"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"1651","Ordinal":"1","Title":"CVE-2002-1651","CVE":"CVE-2002-1651","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"1651","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.","Type":"Description","Title":"CVE-2002-1651"},{"CveYear":"2002","CveId":"1651","Ordinal":"2","NoteData":"2005-03-28","Type":"Other","Title":"Published"},{"CveYear":"2002","CveId":"1651","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}