Lucene search

[email protected]NVD:CVE-2010-2256

HistoryJun 09, 2010 - 8:30 p.m.

CVE-2010-2256

2010-06-0920:30:24

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.

Affected configurations

Nvd

Node

payperviewvideosoftwarepay_per_minute_video_chat_scriptMatch2.0

payperviewvideosoftwarepay_per_minute_video_chat_scriptMatch2.1

VendorProductVersionCPE
payperviewvideosoftwarepay_per_minute_video_chat_script2.0cpe:2.3:a:payperviewvideosoftware:pay_per_minute_video_chat_script:2.0:*:*:*:*:*:*:*
payperviewvideosoftwarepay_per_minute_video_chat_script2.1cpe:2.3:a:payperviewvideosoftware:pay_per_minute_video_chat_script:2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
payperviewvideosoftware	pay_per_minute_video_chat_script	2.0	cpe:2.3:a:payperviewvideosoftware:pay_per_minute_video_chat_script:2.0:::::::*
payperviewvideosoftware	pay_per_minute_video_chat_script	2.1	cpe:2.3:a:payperviewvideosoftware:pay_per_minute_video_chat_script:2.1:::::::*

References

packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt

secunia.com/advisories/38086

www.exploit-db.com/exploits/10983

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Related for NVD:CVE-2010-2256

prion1 cvelist1 cve1 exploitdb1