Lucene search

[email protected]NVD:CVE-2010-3465

HistorySep 17, 2010 - 8:00 p.m.

CVE-2010-3465

2010-09-1720:00:04

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx.

Affected configurations

Nvd

Node

ecommercesoftxse_shopping_cartMatch1.5.2.1

ecommercesoftxse_shopping_cartMatch1.5.3.0

VendorProductVersionCPE
ecommercesoftxse_shopping_cart1.5.2.1cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.2.1:*:*:*:*:*:*:*
ecommercesoftxse_shopping_cart1.5.3.0cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ecommercesoft	xse_shopping_cart	1.5.2.1	cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.2.1:::::::*
ecommercesoft	xse_shopping_cart	1.5.3.0	cpe:2.3:a:ecommercesoft:xse_shopping_cart:1.5.3.0:::::::*

References

osvdb.org/68029

osvdb.org/68030

pridels-team.blogspot.com/2010/09/xse-shopping-cart-xss-vuln.html

secunia.com/advisories/41453

exchange.xforce.ibmcloud.com/vulnerabilities/61828

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for NVD:CVE-2010-3465

cvelist1 prion1 cve1