Lucene search

[email protected]CVE-2010-4616

HistoryDec 29, 2010 - 10:33 p.m.

CVE-2010-4616

2010-12-2922:33:32

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-4616

xss

vulnerability

impresscms

web script injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

JSON

Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.

Affected configurations

NVD

Node

impresscmsimpresscmsRange≤1.2.3final

impresscmsimpresscmsMatch1.0beta1

impresscmsimpresscmsMatch1.0beta2

impresscmsimpresscmsMatch1.0final

impresscmsimpresscmsMatch1.0rc1

impresscmsimpresscmsMatch1.0rc2

impresscmsimpresscmsMatch1.0rc3

impresscmsimpresscmsMatch1.1alpha1

impresscmsimpresscmsMatch1.1alpha2

impresscmsimpresscmsMatch1.1beta1

impresscmsimpresscmsMatch1.1final

impresscmsimpresscmsMatch1.1rc1

impresscmsimpresscmsMatch1.1rc2

impresscmsimpresscmsMatch1.1rc3

impresscmsimpresscmsMatch1.1.1final

impresscmsimpresscmsMatch1.1.1rc1

impresscmsimpresscmsMatch1.1.1rc2

impresscmsimpresscmsMatch1.1.2final

impresscmsimpresscmsMatch1.1.2rc1

impresscmsimpresscmsMatch1.1.2rc2

impresscmsimpresscmsMatch1.1.3beta

impresscmsimpresscmsMatch1.1.3final

impresscmsimpresscmsMatch1.1.3rc1

impresscmsimpresscmsMatch1.2alpha1

impresscmsimpresscmsMatch1.2alpha2

impresscmsimpresscmsMatch1.2beta

impresscmsimpresscmsMatch1.2final

impresscmsimpresscmsMatch1.2rc1

impresscmsimpresscmsMatch1.2rc2

impresscmsimpresscmsMatch1.2.1beta

impresscmsimpresscmsMatch1.2.1final

impresscmsimpresscmsMatch1.2.1rc1

impresscmsimpresscmsMatch1.2.3beta

impresscmsimpresscmsMatch1.2.3rc1

impresscmsimpresscmsMatch1.2.3rc2

CPENameOperatorVersion
impresscms:impresscmsimpresscmsle1.2.3
impresscms:impresscmsimpresscmseq1.0
impresscms:impresscmsimpresscmseq1.1
impresscms:impresscmsimpresscmseq1.1.1
impresscms:impresscmsimpresscmseq1.1.2
impresscms:impresscmsimpresscmseq1.1.3
impresscms:impresscmsimpresscmseq1.2
impresscms:impresscmsimpresscmseq1.2.1

CPE	Name	Operator	Version
impresscms:impresscms	impresscms	le	1.2.3
impresscms:impresscms	impresscms	eq	1.0
impresscms:impresscms	impresscms	eq	1.1
impresscms:impresscms	impresscms	eq	1.1.1
impresscms:impresscms	impresscms	eq	1.1.2
impresscms:impresscms	impresscms	eq	1.1.3
impresscms:impresscms	impresscms	eq	1.2
impresscms:impresscms	impresscms	eq	1.2.1