Lucene search

[email protected]CVE-2010-5035

HistoryNov 02, 2011 - 9:55 p.m.

CVE-2010-5035

2011-11-0221:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-5035

xss

vulnerability

iscripts eswap 2.0

search.php

web script

html

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.6%

JSON

Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
iscripts:eswapiscripts eswapeq2.0

CPE	Name	Operator	Version
iscripts:eswap	iscripts eswap	eq	2.0

References

packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt

secunia.com/advisories/40087

securityreason.com/securityalert/8522

www.exploit-db.com/exploits/13740/

www.securityfocus.com/bid/40597

www.vupen.com/english/advisories/2010/1360

exchange.xforce.ibmcloud.com/vulnerabilities/59148

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2010-5035

cvelist1 prion1