Lucene search

MitreCVE-2010-1854

HistoryMay 07, 2010 - 8:30 p.m.

CVE-2010-1854

2010-05-0720:30:01

CWE-79

mitre

web.nvd.nist.gov

cve-2010-1854

cross-site scripting

xss

auktion.php

pay per watch

bid auktions system

remote attackers

sql error message

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855.

Affected configurations

Nvd

Node

phpscripte24pay_per_watch_\&_bid_auktions_system

VendorProductVersionCPE
phpscripte24pay_per_watch_\&_bid_auktions_system*cpe:2.3:a:phpscripte24:pay_per_watch_\&_bid_auktions_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpscripte24	pay_per_watch_\&_bid_auktions_system	*	cpe:2.3:a:phpscripte24:pay_per_watch_\&_bid_auktions_system::::::::

References

secunia.com/advisories/39059

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

Related for CVE-2010-1854