Lucene search

[email protected]CVE-2010-2671

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-2671

2022-10-0316:21:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-2671

cross-site scripting

xss

ez publish

security vulnerability

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.

Affected configurations

NVD

Node

ezez_publishMatch3.7.0

ezez_publishMatch3.7.1

ezez_publishMatch3.7.2

ezez_publishMatch3.7.3

ezez_publishMatch3.7.4

ezez_publishMatch3.7.5

ezez_publishMatch3.7.6

ezez_publishMatch3.7.7

ezez_publishMatch3.7.8

ezez_publishMatch3.7.9

ezez_publishMatch3.7.10

ezez_publishMatch3.7.11

ezez_publishMatch3.7.12

ezez_publishMatch4.2.0

CPENameOperatorVersion
ez:ez_publishez ez publisheq3.7.0
ez:ez_publishez ez publisheq3.7.1
ez:ez_publishez ez publisheq3.7.2
ez:ez_publishez ez publisheq3.7.3
ez:ez_publishez ez publisheq3.7.4
ez:ez_publishez ez publisheq3.7.5
ez:ez_publishez ez publisheq3.7.6
ez:ez_publishez ez publisheq3.7.7
ez:ez_publishez ez publisheq3.7.8
ez:ez_publishez ez publisheq3.7.9

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	eq	3.7.0
ez:ez_publish	ez ez publish	eq	3.7.1
ez:ez_publish	ez ez publish	eq	3.7.2
ez:ez_publish	ez ez publish	eq	3.7.3
ez:ez_publish	ez ez publish	eq	3.7.4
ez:ez_publish	ez ez publish	eq	3.7.5
ez:ez_publish	ez ez publish	eq	3.7.6
ez:ez_publish	ez ez publish	eq	3.7.7
ez:ez_publish	ez ez publish	eq	3.7.8
ez:ez_publish	ez ez publish	eq	3.7.9

Rows per page:

1-10 of 141

References

ez.no/de/content/download/321164/3192243/version/1/file/16396.diff

ez.no/de/content/download/321443/3196351/version/1/file/combined_patch_42.diff

ez.no/de/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search

osvdb.org/63239

secunia.com/advisories/39101

www.securityfocus.com/bid/38985

www.siberas.de/advisories/advisories_2010.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

Related for CVE-2010-2671

nvd1 prion1 cvelist1