Lucene search

[email protected]CVE-2010-0997

HistoryApr 20, 2010 - 4:30 p.m.

CVE-2010-0997

2010-04-2016:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-0997

xss vulnerability

e107

content management plugin

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.3%

JSON

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.

Affected configurations

NVD

Node

e107e107Range≤0.7.19

e107e107Match0.7.0

e107e107Match0.7.1

e107e107Match0.7.2

e107e107Match0.7.3

e107e107Match0.7.4

e107e107Match0.7.5

e107e107Match0.7.6

e107e107Match0.7.7

e107e107Match0.7.8

e107e107Match0.7.9

e107e107Match0.7.10

e107e107Match0.7.11

e107e107Match0.7.12

e107e107Match0.7.13

e107e107Match0.7.14

e107e107Match0.7.15

e107e107Match0.7.16

e107e107Match0.7.17

e107e107Match0.7.18

CPENameOperatorVersion
e107:e107e107le0.7.19
e107:e107e107eq0.7.0
e107:e107e107eq0.7.1
e107:e107e107eq0.7.2
e107:e107e107eq0.7.3
e107:e107e107eq0.7.4
e107:e107e107eq0.7.5
e107:e107e107eq0.7.6
e107:e107e107eq0.7.7
e107:e107e107eq0.7.8

CPE	Name	Operator	Version
e107:e107	e107	le	0.7.19
e107:e107	e107	eq	0.7.0
e107:e107	e107	eq	0.7.1
e107:e107	e107	eq	0.7.2
e107:e107	e107	eq	0.7.3
e107:e107	e107	eq	0.7.4
e107:e107	e107	eq	0.7.5
e107:e107	e107	eq	0.7.6
e107:e107	e107	eq	0.7.7
e107:e107	e107	eq	0.7.8