Lucene search
HistorySep 22, 2010 - 7:00 p.m.
CVE-2010-3314
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
55.4%
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Affected configurations
Node
egroupwareegroupwareMatch1.4.001
ORegroupwareegroupwareMatch1.4.001\+.002
ORegroupwareegroupwareMatch1.4.002
ORegroupwareegroupwareMatch1.6.001
ORegroupwareegroupwareMatch1.6.001\+.002
ORegroupwareegroupwareMatch1.6.002
ORegroupwareegroupwareMatch9.1-commercial_epl
ORegroupwareegroupwareMatch9.2-commercial_epl
Related
cvelist
cvelist
CVE-2010-3314
2022-10-03 16:20:54
ubuntucve
ubuntucve
CVE-2010-3314
2010-09-22 00:00:00
prion
prion
Cross site scripting
2010-09-22 19:00:00
cve
cve
CVE-2010-3314
2022-10-03 16:20:54
openvas
openvas
FreeBSD Ports: egroupware
2010-03-16 00:00:00
Debian: Security Advisory (DSA-2013-1)
2010-03-16 00:00:00
EGroupware Multiple Vulnerabilities (Sep 2010) - Active Check
2010-09-24 00:00:00
osv
osv
egroupware - several vulnerabilities
2010-03-11 00:00:00
nessus
nessus
Debian DSA-2013-1 : egroupware - several vulnerabilities
2010-03-15 00:00:00
GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012
2014-12-15 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2012
2014-12-11 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
55.4%
Related for NVD:CVE-2010-3314