Lucene search

MitreCVE-2010-5048

HistoryNov 23, 2011 - 1:55 a.m.

CVE-2010-5048

2011-11-2301:55:04

CWE-79

mitre

web.nvd.nist.gov

joomlatune

jcomments

com_jcomments

xss

vulnerability

admin.jcomments.php

cve-2010-5048

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.005

Percentile

76.2%

JSON

Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.

Affected configurations

Nvd

Node

joomlatunecom_jcommentsMatch2.1.0.0

AND

joomlajoomla\!

VendorProductVersionCPE
joomlatunecom_jcomments2.1.0.0cpe:2.3:a:joomlatune:com_jcomments:2.1.0.0:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomlatune	com_jcomments	2.1.0.0	cpe:2.3:a:joomlatune:com_jcomments:2.1.0.0:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

packetstormsecurity.org/1005-exploits/joomlajcomments-xss.txt

secunia.com/advisories/39842

www.htbridge.ch/advisory/xss_vulnerability_in_jcomments_joomla.html

www.joomlatune.com/jcomments-v.2.2-release-notes.html

www.securityfocus.com/archive/1/511320/100/0/threaded

www.securityfocus.com/bid/40230

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.005

Percentile

76.2%

JSON

Related for CVE-2010-5048