Lucene search

[email protected]CVE-2010-5018

HistoryNov 02, 2011 - 9:55 p.m.

CVE-2010-5018

2011-11-0221:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-5018

cross-site scripting

xss

vulnerability

online classified script

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.3%

JSON

Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

CPENameOperatorVersion
2daybiz:online_classified_script2daybiz online classified scripteq*

CPE	Name	Operator	Version
2daybiz:online_classified_script	2daybiz online classified script	eq	*

References

packetstormsecurity.org/1006-exploits/2daybizocs-sqlxss.txt

secunia.com/advisories/40213

www.exploit-db.com/exploits/13894

www.securityfocus.com/bid/40890

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2010-5018

prion1 cvelist1