Lucene search

[email protected]CVE-2010-4850

HistorySep 27, 2011 - 10:55 a.m.

CVE-2010-4850

2011-09-2710:55:05

CWE-79

[email protected]

web.nvd.nist.gov

xss

diferior 8.03

remote code injection

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.

Affected configurations

NVD

Node

diferiordiferiorMatch8.03

CPENameOperatorVersion
diferior:diferiordiferioreq8.03

CPE	Name	Operator	Version
diferior:diferior	diferior	eq	8.03

References

packetstormsecurity.org/files/view/96207/diferior-xss.txt

securityreason.com/securityalert/8398

www.exploit-db.com/exploits/15633

www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.html

www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.html

www.htbridge.ch/advisory/xss_vulnerability_in_diferior.html

www.securityfocus.com/bid/45088

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2010-4850

cvelist1 prion1 nvd1 htbridge1