Lucene search

[email protected]CVE-2010-0699

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-0699

2022-10-0316:21:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-0699

vulnerability

xss

videosearchscript pro 3.5

remote attack

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Affected configurations

NVD

Node

videosearchscriptvideosearchscript_proMatch3.5

CPENameOperatorVersion
videosearchscript:videosearchscript_provideosearchscript videosearchscript proeq3.5

CPE	Name	Operator	Version
videosearchscript:videosearchscript_pro	videosearchscript videosearchscript pro	eq	3.5

References

packetstormsecurity.org/1002-exploits/vss-xss.txt

secunia.com/advisories/38701

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

Related for CVE-2010-0699

cvelist1 prion1 nvd1