Lucene search

[email protected]CVE-2010-0940

HistoryMar 08, 2010 - 3:30 p.m.

CVE-2010-0940

2010-03-0815:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-0940

cross-site scripting

xss vulnerability

guestbook.php

simple php guestbook 1.0

remote attackers

web script

html

action parameter

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Affected configurations

NVD

Node

sanusartsimple_php_guestbookMatch1.0

CPENameOperatorVersion
sanusart:simple_php_guestbooksanusart simple php guestbookeq1.0

CPE	Name	Operator	Version
sanusart:simple_php_guestbook	sanusart simple php guestbook	eq	1.0

References

osvdb.org/61614

packetstormsecurity.org/1001-exploits/simplephpgb-xss.txt

secunia.com/advisories/38053

www.exploit-db.com/exploits/11077

exchange.xforce.ibmcloud.com/vulnerabilities/55522

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2010-0940

prion1 cvelist1 nvd1