Lucene search

[email protected]CVE-2010-1712

HistoryMay 04, 2010 - 4:00 p.m.

CVE-2010-1712

2010-05-0416:00:35

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-1712

cross-site scripting

xss

webmobo wb news 2.3.3

security vulnerability

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

webmobowbnewsMatch2.3.3

CPENameOperatorVersion
webmobo:wbnewswebmobo wbnewseq2.3.3

CPE	Name	Operator	Version
webmobo:wbnews	webmobo wbnews	eq	2.3.3

References

inj3ct0r.com/exploits/11914

secunia.com/advisories/39516

www.exploit-db.com/exploits/12323

www.hack0wn.com/view.php?xroot=1310.0&cat=exploits

www.itsecteam.com/en/vulnerabilities/vulnerability44.htm

www.osvdb.org/63973

www.securityfocus.com/bid/39626

exchange.xforce.ibmcloud.com/vulnerabilities/58025

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2010-1712

nvd1 prion1 cvelist1