Lucene search

[email protected]NVD:CVE-2010-4412

HistoryDec 07, 2010 - 1:53 p.m.

CVE-2010-4412

2010-12-0713:53:30

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.

Affected configurations

Nvd

Node

bsdperimeterpfsenseMatch2.0beta4

VendorProductVersionCPE
bsdperimeterpfsense2.0cpe:2.3:a:bsdperimeter:pfsense:2.0:beta4:*:*:*:*:*:*

Vendor	Product	Version	CPE
bsdperimeter	pfsense	2.0	cpe:2.3:a:bsdperimeter:pfsense:2.0:beta4::::::

References

openwall.com/lists/oss-security/2010/11/22/18

openwall.com/lists/oss-security/2010/11/24/7

openwall.com/lists/oss-security/2010/12/06/7

seclists.org/fulldisclosure/2010/Nov/43

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

Related for NVD:CVE-2010-4412

prion3 cve3 cvelist3 nvd2 exploitdb5