CVE-2010-0726

2010-03-0219:30:00

Debian Security Bug Tracker

security-tracker.debian.org

cve-2010-0726

cross-site scripting

tb-send.rb plugin

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

68.4%

JSON

Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.

OSVersionArchitecturePackageVersionFilename
Debian12alltdiary< 2.2.1-1.1tdiary_2.2.1-1.1_all.deb
Debian11alltdiary< 2.2.1-1.1tdiary_2.2.1-1.1_all.deb
Debian999alltdiary< 2.2.1-1.1tdiary_2.2.1-1.1_all.deb
Debian13alltdiary< 2.2.1-1.1tdiary_2.2.1-1.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	tdiary	< 2.2.1-1.1	tdiary_2.2.1-1.1_all.deb
Debian	11	all	tdiary	< 2.2.1-1.1	tdiary_2.2.1-1.1_all.deb
Debian	999	all	tdiary	< 2.2.1-1.1	tdiary_2.2.1-1.1_all.deb
Debian	13	all	tdiary	< 2.2.1-1.1	tdiary_2.2.1-1.1_all.deb