askSam Web Publisher Cross Site Scripting Vulnerability

askSam is a database system. An optional component, askSam Web Publisher (versions 1 and 4), is reportedly vulnerable to cross site scripting vulnerability in the as_web.exe (or as_web4.exe) component. This is due to a failure to strip script and HTML when returning error messages that include user input.

The same component can also disclose paths on the server when non-existant files are requested.


Bugtraq ID: 4670
Class: Input Validation Error
CVE: CVE-2002-1727

Remote: Yes
Local: No
Published: May 04 2002 12:00AM
Updated: Jan 31 2019 02:00AM
Credit: Posted to BugTraq on May 5, 2002 by frog frog <[email protected]>
Vulnerable: askSam systems askSam Web Publisher 4.0
- askSam systems askSam 4.0

Not Vulnerable:


The following examples will display an error message containing the complete path to the askSam directory:
These examples demonstrate the cross site scripting issue:


Related Posts