CVE-2010-3010

2010-09-1520:00:00

CWE-79

[email protected]

web.nvd.nist.gov

3com

officeconnect

gigabit

vpn

firewall

xss

vulnerability

cve-2010-3010

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue.

CPENameOperatorVersion
hp:3com_officeconnect_gigabit_vpn_firewall_softwarehp 3com officeconnect gigabit vpn firewall softwarele1.0.12
hp:3com_officeconnect_gigabit_vpn_firewall_softwarehp 3com officeconnect gigabit vpn firewall softwareeq1.0.8
hp:3crevf100-73hp 3crevf100-73eq*

CPE	Name	Operator	Version
hp:3com_officeconnect_gigabit_vpn_firewall_software	hp 3com officeconnect gigabit vpn firewall software	le	1.0.12
hp:3com_officeconnect_gigabit_vpn_firewall_software	hp 3com officeconnect gigabit vpn firewall software	eq	1.0.8
hp:3crevf100-73	hp 3crevf100-73	eq	*