Lucene search

[email protected]CVE-2010-4863

HistoryOct 05, 2011 - 10:55 a.m.

CVE-2010-4863

2011-10-0510:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-4863

xss

vulnerability

getsimple cms 2.01

cross-site scripting

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.8%

JSON

Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.

CPENameOperatorVersion
get-simple:getsimple_cmsget-simple getsimple cmseq2.01

CPE	Name	Operator	Version
get-simple:getsimple_cms	get-simple getsimple cms	eq	2.01

References

packetstormsecurity.org/1009-exploits/getsimplecms201-xss.txt

securityreason.com/securityalert/8420

www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms_1.html

www.securityfocus.com/archive/1/514043/100/0/threaded

www.securityfocus.com/bid/43593

exchange.xforce.ibmcloud.com/vulnerabilities/62177

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.8%

JSON

Related for CVE-2010-4863

cvelist1 prion1 htbridge1 openvas1