Lucene search

[email protected]CVE-2010-1328

HistoryJul 06, 2010 - 5:17 p.m.

CVE-2010-1328

2010-07-0617:17:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-1328

xss

tornadostore

security vulnerability

web script injection

html injection

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.

Affected configurations

NVD

Node

tornadostoretornadostoreRange≤1.4.3

CPENameOperatorVersion
tornadostore:tornadostoretornadostorele1.4.3

CPE	Name	Operator	Version
tornadostore:tornadostore	tornadostore	le	1.4.3

References

www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php

www.securityfocus.com/bid/41233

exchange.xforce.ibmcloud.com/vulnerabilities/59951

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVE-2010-1328

packetstorm1 prion1 nvd1 cvelist1 securityvulns2