CVE-2010-4734

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.

Reference

http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt
http://secunia.com/advisories/42385
http://securityreason.com/securityalert/8081
http://www.exploit-db.com/exploits/15625
http://www.osvdb.org/69514
http://www.securityfocus.com/bid/45081

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

22-09-2011 - 03:27

Objavljeno

16-02-2011 - 03:00