Lucene search

[email protected]CVE-2010-3931

HistoryJan 20, 2011 - 7:00 p.m.

CVE-2010-3931

2011-01-2019:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-3931

cross-site scripting

xss vulnerability

rocomotion products

p board

p forum

p up board

p diary r

p link

p link compact

pplog

pplog2

pm bbs

pm up bbs

pm forum

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.3%

JSON

Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CPENameOperatorVersion
rocomotion:pm_bbsrocomotion pm bbsle1.07
rocomotion:pplog_2rocomotion pplog 2le3.37
rocomotion:p_forumrocomotion p forumle1.30
rocomotion:p_diary_rrocomotion p diary rle1.13
rocomotion:pm_forumrocomotion pm forumle1.18
rocomotion:p_link_compactrocomotion p link compactle1.04
rocomotion:pplogrocomotion pplogle3.31
rocomotion:p_boardrocomotion p boardle1.18
rocomotion:p_linkrocomotion p linkle1.11
rocomotion:p_up_boardrocomotion p up boardle1.38

CPE	Name	Operator	Version
rocomotion:pm_bbs	rocomotion pm bbs	le	1.07
rocomotion:pplog_2	rocomotion pplog 2	le	3.37
rocomotion:p_forum	rocomotion p forum	le	1.30
rocomotion:p_diary_r	rocomotion p diary r	le	1.13
rocomotion:pm_forum	rocomotion pm forum	le	1.18
rocomotion:p_link_compact	rocomotion p link compact	le	1.04
rocomotion:pplog	rocomotion pplog	le	3.31
rocomotion:p_board	rocomotion p board	le	1.18
rocomotion:p_link	rocomotion p link	le	1.11
rocomotion:p_up_board	rocomotion p up board	le	1.38

References

another.rocomotion.jp/12949466953653.html

jvn.jp/en/jp/JVN09115481/index.html

jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html

osvdb.org/70495

secunia.com/advisories/42957

www.securityfocus.com/bid/45838

exchange.xforce.ibmcloud.com/vulnerabilities/64745

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.3%

JSON

Related for CVE-2010-3931

prion1 jvn1