Lucene search

JpcertCVE-2010-3931

HistoryJan 20, 2011 - 7:00 p.m.

CVE-2010-3931

2011-01-2019:00:05

CWE-79

jpcert

web.nvd.nist.gov

cve-2010-3931

cross-site scripting

xss vulnerability

rocomotion products

p board

p forum

p up board

p diary r

p link

p link compact

pplog

pplog2

pm bbs

pm up bbs

pm forum

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

59.0%

JSON

Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Affected configurations

Nvd

Node

rocomotionp_boardRange≤1.18

rocomotionp_diary_rRange≤1.13

rocomotionp_forumRange≤1.30

rocomotionp_linkRange≤1.11

rocomotionp_link_compactRange≤1.04

rocomotionp_up_boardRange≤1.38

rocomotionpm_bbsRange≤1.07

rocomotionpm_forumRange≤1.18

rocomotionpplogRange≤3.31

rocomotionpplog_2Range≤3.37

VendorProductVersionCPE
rocomotionp_board*cpe:2.3:a:rocomotion:p_board:*:*:*:*:*:*:*:*
rocomotionp_diary_r*cpe:2.3:a:rocomotion:p_diary_r:*:*:*:*:*:*:*:*
rocomotionp_forum*cpe:2.3:a:rocomotion:p_forum:*:*:*:*:*:*:*:*
rocomotionp_link*cpe:2.3:a:rocomotion:p_link:*:*:*:*:*:*:*:*
rocomotionp_link_compact*cpe:2.3:a:rocomotion:p_link_compact:*:*:*:*:*:*:*:*
rocomotionp_up_board*cpe:2.3:a:rocomotion:p_up_board:*:*:*:*:*:*:*:*
rocomotionpm_bbs*cpe:2.3:a:rocomotion:pm_bbs:*:*:*:*:*:*:*:*
rocomotionpm_forum*cpe:2.3:a:rocomotion:pm_forum:*:*:*:*:*:*:*:*
rocomotionpplog*cpe:2.3:a:rocomotion:pplog:*:*:*:*:*:*:*:*
rocomotionpplog_2*cpe:2.3:a:rocomotion:pplog_2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rocomotion	p_board	*	cpe:2.3:a:rocomotion:p_board::::::::
rocomotion	p_diary_r	*	cpe:2.3:a:rocomotion:p_diary_r::::::::
rocomotion	p_forum	*	cpe:2.3:a:rocomotion:p_forum::::::::
rocomotion	p_link	*	cpe:2.3:a:rocomotion:p_link::::::::
rocomotion	p_link_compact	*	cpe:2.3:a:rocomotion:p_link_compact::::::::
rocomotion	p_up_board	*	cpe:2.3:a:rocomotion:p_up_board::::::::
rocomotion	pm_bbs	*	cpe:2.3:a:rocomotion:pm_bbs::::::::
rocomotion	pm_forum	*	cpe:2.3:a:rocomotion:pm_forum::::::::
rocomotion	pplog	*	cpe:2.3:a:rocomotion:pplog::::::::
rocomotion	pplog_2	*	cpe:2.3:a:rocomotion:pplog_2::::::::

References

another.rocomotion.jp/12949466953653.html

jvn.jp/en/jp/JVN09115481/index.html

jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html

osvdb.org/70495

secunia.com/advisories/42957

www.securityfocus.com/bid/45838

exchange.xforce.ibmcloud.com/vulnerabilities/64745

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

59.0%

JSON

Related for CVE-2010-3931