Lucene search
HistoryOct 05, 2011 - 10:55 a.m.
CVE-2010-4868
cve-2010-4868
cross-site scripting
xss
vulnerability
w-agora
search.php3
injection
security
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.3%
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
Affected configurations
Node
w-agoraw-agoraRange≤4.2.1
ORw-agoraw-agoraMatch4.0.0
ORw-agoraw-agoraMatch4.0.1
ORw-agoraw-agoraMatch4.0.2
ORw-agoraw-agoraMatch4.0.2a
ORw-agoraw-agoraMatch4.0.3
ORw-agoraw-agoraMatch4.1.0
ORw-agoraw-agoraMatch4.1.1
ORw-agoraw-agoraMatch4.1.2
ORw-agoraw-agoraMatch4.1.3
ORw-agoraw-agoraMatch4.1.4
ORw-agoraw-agoraMatch4.1.5
ORw-agoraw-agoraMatch4.1.6
ORw-agoraw-agoraMatch4.1.6a
ORw-agoraw-agoraMatch4.1.7
ORw-agoraw-agoraMatch4.2.0
Related
nvd
nvd
CVE-2010-4868
2011-10-05 10:55:08
cvelist
cvelist
CVE-2010-4868
2011-10-05 10:00:00
prion
prion
Cross site scripting
2011-10-05 10:55:00
openvas
openvas
W-Agora 'search.php' LFi and XSS Vulnerabilities
2010-10-25 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.3%
Related for CVE-2010-4868