Lucene search

[email protected]CVE-2010-1742

HistoryMay 06, 2010 - 6:30 p.m.

CVE-2010-1742

2010-05-0618:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2010

1742

cross-site scripting

xss

vulnerability

scratcher

projects.php

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.

Affected configurations

NVD

Node

satyadeepscratcher

CPENameOperatorVersion
satyadeep:scratchersatyadeep scratchereq*

CPE	Name	Operator	Version
satyadeep:scratcher	satyadeep scratcher	eq	*

References

osvdb.org/64219

packetstormsecurity.org/1004-exploits/scratcher-sqlxss.txt

secunia.com/advisories/39631

www.exploit-db.com/exploits/12458

www.securityfocus.com/bid/39827

exchange.xforce.ibmcloud.com/vulnerabilities/58235

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2010-1742

cvelist1 prion1 nvd1