Lucene search

[email protected]CVE-2010-4358

HistoryDec 01, 2010 - 4:06 p.m.

CVE-2010-4358

2010-12-0116:06:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-4358

cross-site scripting

xss

gb.cgi

mrcgiguy

mcg

guestbook 1.0

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters.

Affected configurations

NVD

Node

mrcgiguyguestbookMatch1.0

CPENameOperatorVersion
mrcgiguy:guestbookmrcgiguy guestbookeq1.0

CPE	Name	Operator	Version
mrcgiguy:guestbook	mrcgiguy guestbook	eq	1.0

References

evuln.com/vulns/144/summary.html

packetstormsecurity.org/files/view/96101/mcgguestbook-xss.txt

secunia.com/advisories/42315

www.securityfocus.com/archive/1/514884/100/0/threaded

www.securityfocus.com/bid/45043

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2010-4358

nvd1 prion1 cvelist1