Lucene search

[email protected]CVE-2010-4405

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-4405

2022-10-0316:21:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-4405

cross-site scripting

xss

yannick gaultier

sh404sef

joomla

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

anything-digitalsh404sefRange≤2.1.7.761

anything-digitalsh404sefMatch1.5.2.255

anything-digitalsh404sefMatch1.5.3.296

anything-digitalsh404sefMatch1.5.4.302

anything-digitalsh404sefMatch1.5.5.388

anything-digitalsh404sefMatch1.5.6.398

anything-digitalsh404sefMatch1.5.7.407

anything-digitalsh404sefMatch1.5.8.432

anything-digitalsh404sefMatch1.5.9.434

anything-digitalsh404sefMatch1.5.10.446

anything-digitalsh404sefMatch1.5.11.459

anything-digitalsh404sefMatch1.5.12.464

anything-digitalsh404sefMatch2.0.0rc522

anything-digitalsh404sefMatch2.0.1.531

anything-digitalsh404sefMatch2.0.2.542

anything-digitalsh404sefMatch2.0.3.545

anything-digitalsh404sefMatch2.1.0.641

anything-digitalsh404sefMatch2.1.1.644

anything-digitalsh404sefMatch2.1.2.649

anything-digitalsh404sefMatch2.1.3.680

anything-digitalsh404sefMatch2.1.4.734

anything-digitalsh404sefMatch2.1.5.746

anything-digitalsh404sefMatch2.1.6.749

AND

joomlajoomla\!

CPENameOperatorVersion
anything-digital:sh404sefanything-digital sh404sefle2.1.7.761
anything-digital:sh404sefanything-digital sh404sefeq1.5.2.255
anything-digital:sh404sefanything-digital sh404sefeq1.5.3.296
anything-digital:sh404sefanything-digital sh404sefeq1.5.4.302
anything-digital:sh404sefanything-digital sh404sefeq1.5.5.388
anything-digital:sh404sefanything-digital sh404sefeq1.5.6.398
anything-digital:sh404sefanything-digital sh404sefeq1.5.7.407
anything-digital:sh404sefanything-digital sh404sefeq1.5.8.432
anything-digital:sh404sefanything-digital sh404sefeq1.5.9.434
anything-digital:sh404sefanything-digital sh404sefeq1.5.10.446

CPE	Name	Operator	Version
anything-digital:sh404sef	anything-digital sh404sef	le	2.1.7.761
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.2.255
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.3.296
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.4.302
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.5.388
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.6.398
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.7.407
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.8.432
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.9.434
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.10.446

Rows per page:

1-10 of 231

References

dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5/

secunia.com/advisories/42430

twitter.com/jeffchannell/status/8603529560195072

www.securityfocus.com/bid/45135

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Related for CVE-2010-4405

prion1 cvelist1 nvd1