CVE-2010-5303

2022-10-0316:21:02

mitre

www.cve.org

cve-2010-5303

timthumb

web script

html

displayerror function

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

References

code.google.com/p/timthumb/source/detail?r=88