Lucene search

K
cve[email protected]CVE-2010-3421
HistorySep 16, 2010 - 10:00 p.m.

CVE-2010-3421

2010-09-1622:00:02
CWE-79
web.nvd.nist.gov
18
cve-2010-3421
cross-site scripting
xss
affiliatelogin.asp
productcart 3
productcart 4.1 sp1
vulnerability
remote attackers
web script
html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.0%

Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD
Node
productcartproductcartMatch3.0
OR
productcartproductcartMatch4.1
OR
productcartproductcartMatch4.1sp1
VendorProductVersionCPE
productcartproductcart3.0cpe:/a:productcart:productcart:3.0:::
productcartproductcart4.1cpe:/a:productcart:productcart:4.1:::
productcartproductcart4.1cpe:/a:productcart:productcart:4.1:sp1::

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.0%

Related for CVE-2010-3421