CVE-2010-2014

2010-05-2417:30:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

53.0%

JSON

Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.

Affected configurations

Nvd

Node

createch-grouplisk_cmsMatch4.4

createch-grouplisk_cmsMatch4.4-corporate

createch-grouplisk_cmsMatch4.4-custom

createch-grouplisk_cmsMatch4.4-e-commerce

createch-grouplisk_cmsMatch4.4-extranet\/intranet

createch-grouplisk_cmsMatch4.4-portal\/community

VendorProductVersionCPE
createch-grouplisk_cms4.4cpe:2.3:a:createch-group:lisk_cms:4.4:*:*:*:*:*:*:*
createch-grouplisk_cms4.4cpe:2.3:a:createch-group:lisk_cms:4.4:-:corporate:*:*:*:*:*
createch-grouplisk_cms4.4cpe:2.3:a:createch-group:lisk_cms:4.4:-:custom:*:*:*:*:*
createch-grouplisk_cms4.4cpe:2.3:a:createch-group:lisk_cms:4.4:-:e-commerce:*:*:*:*:*
createch-grouplisk_cms4.4cpe:2.3:a:createch-group:lisk_cms:4.4:-:extranet\/intranet:*:*:*:*:*
createch-grouplisk_cms4.4cpe:2.3:a:createch-group:lisk_cms:4.4:-:portal\/community:*:*:*:*:*

Vendor	Product	Version	CPE
createch-group	lisk_cms	4.4	cpe:2.3:a:createch-group:lisk_cms:4.4:::::::*
createch-group	lisk_cms	4.4	cpe:2.3:a:createch-group:lisk_cms:4.4:-:corporate:::::*
createch-group	lisk_cms	4.4	cpe:2.3:a:createch-group:lisk_cms:4.4:-:custom:::::*
createch-group	lisk_cms	4.4	cpe:2.3:a:createch-group:lisk_cms:4.4:-:e-commerce:::::*
createch-group	lisk_cms	4.4	cpe:2.3:a:createch-group:lisk_cms:4.4:-:extranet\/intranet:::::*
createch-group	lisk_cms	4.4	cpe:2.3:a:createch-group:lisk_cms:4.4:-:portal\/community:::::*