Lucene search

[email protected]NVD:CVE-2010-4407

HistoryDec 06, 2010 - 1:37 p.m.

CVE-2010-4407

2010-12-0613:37:32

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters.

Affected configurations

Nvd

Node

alberto_pittonialguestMatch1.1c-patched

VendorProductVersionCPE
alberto_pittonialguest1.1cpe:2.3:a:alberto_pittoni:alguest:1.1:c-patched:*:*:*:*:*:*

Vendor	Product	Version	CPE
alberto_pittoni	alguest	1.1	cpe:2.3:a:alberto_pittoni:alguest:1.1:c-patched::::::

References

evuln.com/vulns/151/summary.html

packetstormsecurity.org/files/view/96297/alguest-xss.txt

www.securityfocus.com/archive/1/514960/100/0/threaded

www.securityfocus.com/bid/45140

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for NVD:CVE-2010-4407

cve1 cvelist1 prion1