Lucene search

[email protected]CVE-2010-2155

HistoryJun 03, 2010 - 4:30 p.m.

CVE-2010-2155

2010-06-0316:30:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-2155

cross-site scripting

xss

zonecheck

security vulnerabilities

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882.

Affected configurations

NVD

Node

zonecheckzonecheckMatch2.1.0

CPENameOperatorVersion
zonecheck:zonecheckzonecheckeq2.1.0

CPE	Name	Operator	Version
zonecheck:zonecheck	zonecheck	eq	2.1.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=583290

cvs.savannah.gnu.org/viewvc/zonecheck/zc/publisher/html.rb?root=zonecheck&r1=1.79&r2=1.80

cvs.savannah.gnu.org/viewvc/zonecheck/zc/publisher/html.rb?root=zonecheck&view=log#rev1.80

secunia.com/advisories/40083

www.debian.org/security/2010/dsa-2056

www.vupen.com/english/advisories/2010/1351

www.vupen.com/english/advisories/2010/1354

savannah.nongnu.org/bugs/?29967

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2010-2155

nvd3 nessus1 openvas2 ubuntucve2 prion3 cvelist2 debiancve2 debian1 cve2