Lucene search

K
cve[email protected]CVE-2010-3421
HistorySep 16, 2010 - 10:00 p.m.

CVE-2010-3421

2010-09-1622:00:02
CWE-79
web.nvd.nist.gov
18
cve-2010-3421
cross-site scripting
xss
affiliatelogin.asp
productcart 3
productcart 4.1 sp1
vulnerability
remote attackers
web script
html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD
Node
productcartproductcartMatch3.0
OR
productcartproductcartMatch4.1
OR
productcartproductcartMatch4.1sp1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

Related for CVE-2010-3421