Lucene search

[email protected]CVE-2010-4355

HistoryDec 01, 2010 - 4:06 p.m.

CVE-2010-4355

2010-12-0116:06:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-4355

xss

dadabik

web script injection

html injection

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.7%

JSON

Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.

Affected configurations

NVD

Node

dadabikdadabikRange≤4.3beta_rc1

dadabikdadabikMatch1.0beta

dadabikdadabikMatch1.0.1beta

dadabikdadabikMatch1.0.2beta

dadabikdadabikMatch1.0.3beta

dadabikdadabikMatch1.0.4beta

dadabikdadabikMatch1.0.5beta

dadabikdadabikMatch1.1beta

dadabikdadabikMatch1.5

dadabikdadabikMatch1.5b

dadabikdadabikMatch1.6

dadabikdadabikMatch1.7

dadabikdadabikMatch1.8

dadabikdadabikMatch1.9

dadabikdadabikMatch1.9.1

dadabikdadabikMatch2.0beta

dadabikdadabikMatch2.0.1beta

dadabikdadabikMatch2.1beta

dadabikdadabikMatch2.1bbeta

dadabikdadabikMatch2.2beta

dadabikdadabikMatch2.2.1

dadabikdadabikMatch2.2.1beta

dadabikdadabikMatch3.0

dadabikdadabikMatch3.0beta

dadabikdadabikMatch3.1beta

dadabikdadabikMatch3.2

dadabikdadabikMatch3.2beta

dadabikdadabikMatch4.0

dadabikdadabikMatch4.0alpha

dadabikdadabikMatch4.0beta

dadabikdadabikMatch4.0beta2

dadabikdadabikMatch4.1

dadabikdadabikMatch4.1beta

dadabikdadabikMatch4.1rc1

dadabikdadabikMatch4.1rc2

dadabikdadabikMatch4.1rc3

dadabikdadabikMatch4.2

dadabikdadabikMatch4.2beta

dadabikdadabikMatch4.3alpha

dadabikdadabikMatch4.3beta

dadabikdadabikMatch4.3beta2

CPENameOperatorVersion
dadabik:dadabikdadabikle4.3
dadabik:dadabikdadabikeq1.0
dadabik:dadabikdadabikeq1.0.1
dadabik:dadabikdadabikeq1.0.2
dadabik:dadabikdadabikeq1.0.3
dadabik:dadabikdadabikeq1.0.4
dadabik:dadabikdadabikeq1.0.5
dadabik:dadabikdadabikeq1.1
dadabik:dadabikdadabikeq1.5
dadabik:dadabikdadabikeq1.5b

CPE	Name	Operator	Version
dadabik:dadabik	dadabik	le	4.3
dadabik:dadabik	dadabik	eq	1.0
dadabik:dadabik	dadabik	eq	1.0.1
dadabik:dadabik	dadabik	eq	1.0.2
dadabik:dadabik	dadabik	eq	1.0.3
dadabik:dadabik	dadabik	eq	1.0.4
dadabik:dadabik	dadabik	eq	1.0.5
dadabik:dadabik	dadabik	eq	1.1
dadabik:dadabik	dadabik	eq	1.5
dadabik:dadabik	dadabik	eq	1.5b

Rows per page:

1-10 of 271

References

secunia.com/advisories/42220

www.dadabik.org/index.php?function=show_changelog

www.securityfocus.com/bid/44826

exchange.xforce.ibmcloud.com/vulnerabilities/63219

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.7%

JSON

Related for CVE-2010-4355

prion2 cvelist2 nvd2 cve1