Lucene search

[email protected]CVE-2010-2852

HistoryJul 25, 2010 - 2:04 a.m.

CVE-2010-2852

2010-07-2502:04:14

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-2852

cross-site scripting

xss vulnerability

runcms 2.1

nvd

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Affected configurations

NVD

Node

runcmsruncmsMatch2.1

CPENameOperatorVersion
runcms:runcmsruncmseq2.1

CPE	Name	Operator	Version
runcms:runcms	runcms	eq	2.1

References

cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html

osvdb.org/66244

secunia.com/advisories/40521

www.securityfocus.com/bid/41551

exchange.xforce.ibmcloud.com/vulnerabilities/60224

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2010-2852

cvelist1 nvd1 prion1