{"api_version":"1","generated_at":"2026-05-15T05:21:41+00:00","cve":"CVE-2003-1554","urls":{"html":"https://cve.report/CVE-2003-1554","api":"https://cve.report/api/cve/CVE-2003-1554.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2003-1554","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2003-1554"},"summary":{"title":"CVE-2003-1554","description":"Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.","state":"PUBLISHED","assigner":"mitre","published_at":"2003-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/7235","name":"http://www.securityfocus.com/bid/7235","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ScozBook HTML Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11658","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11658","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/3781","name":"http://securityreason.com/securityalert/3781","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ScozBook BETA 1.1 vulnerabilities - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/8476","name":"http://secunia.com/advisories/8476","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - ScozBook Cross Site Scripting","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1006413","name":"http://www.securitytracker.com/id?1006413","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"ScozBook Guestbook Input Validation Flaws Permit Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/316747/30/25280/threaded","name":"http://www.securityfocus.com/archive/1/316747/30/25280/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2003-1554","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-1554","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2003","cve_id":"1554","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"scoznet","cpe5":"scozbook","cpe6":"1.1_beta","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T02:35:16.383Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20030329 ScozBook BETA 1.1 vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/316747/30/25280/threaded"},{"name":"8476","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/8476"},{"name":"7235","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/7235"},{"name":"3781","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3781"},{"name":"scozbook-add-xss(11658)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11658"},{"name":"1006413","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1006413"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2003-03-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-19T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20030329 ScozBook BETA 1.1 vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/316747/30/25280/threaded"},{"name":"8476","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/8476"},{"name":"7235","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/7235"},{"name":"3781","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3781"},{"name":"scozbook-add-xss(11658)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11658"},{"name":"1006413","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1006413"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2003-1554","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20030329 ScozBook BETA 1.1 vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/316747/30/25280/threaded"},{"name":"8476","refsource":"SECUNIA","url":"http://secunia.com/advisories/8476"},{"name":"7235","refsource":"BID","url":"http://www.securityfocus.com/bid/7235"},{"name":"3781","refsource":"SREASON","url":"http://securityreason.com/securityalert/3781"},{"name":"scozbook-add-xss(11658)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11658"},{"name":"1006413","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1006413"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2003-1554","datePublished":"2008-03-26T17:00:00.000Z","dateReserved":"2008-03-26T00:00:00.000Z","dateUpdated":"2024-08-08T02:35:16.383Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2003-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:scoznet:scozbook:1.1_beta:*:*:*:*:*:*:*","matchCriteriaId":"9F36523F-6E2F-42D7-B1B9-897E69654CAC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2003","CveId":"1554","Ordinal":"1","Title":"CVE-2003-1554","CVE":"CVE-2003-1554","Year":"2003"},"notes":[{"CveYear":"2003","CveId":"1554","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.","Type":"Description","Title":"CVE-2003-1554"},{"CveYear":"2003","CveId":"1554","Ordinal":"2","NoteData":"2008-03-26","Type":"Other","Title":"Published"},{"CveYear":"2003","CveId":"1554","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}