CVE-2010-3427

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php.

Reference

http://osvdb.org/67971
http://osvdb.org/67972
http://pridels-team.blogspot.com/2010/09/open-classifieds-version-1702-xss-vuln.html
http://secunia.com/advisories/41386
http://www.securityfocus.com/bid/43176

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-09-2010 - 04:00

Objavljeno

16-09-2010 - 22:00