Lucene search

PRIOn knowledge basePRION:CVE-2010-4757

HistoryMar 15, 2011 - 5:55 p.m.

Cross site scripting

2011-03-1517:55:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.

CPENameOperatorVersion
e107eq0.6175
e107eq0.616
e107eq0.7.10
e107eq0.6174
e107eq0.615.97
e107eq0.7.7
e107eq0.6.15
e107eq0.7.13
e107eq0.7.4
e107eq0.6173

Name	Operator	Version
e107	eq	0.6175
e107	eq	0.616
e107	eq	0.7.10
e107	eq	0.6174
e107	eq	0.615.97
e107	eq	0.7.7
e107	eq	0.6.15
e107	eq	0.7.13
e107	eq	0.7.4
e107	eq	0.6173

Rows per page:

1-10 of 651

References

e107.org/comment.php?comment.news.872

e107.org/svn_changelog.php?version=0.7.23

e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655

securitytracker.com/id?1024351

www.madirish.net/?article=471

exchange.xforce.ibmcloud.com/vulnerabilities/61331

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for PRION:CVE-2010-4757