CVE-2010-2267

{"id": "CVE-2010-2267", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-06-15T14:30:01.250", "references": [{"url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/245081", "tags": ["US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi."}, {"lang": "es", "value": "Multiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Accoria Web Server (tambi\u00e9n conocido como Rock Web Server) v1,4,7 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de (1) la cadena de consulta a la muestra del programa \"getenv\", (2) el par\u00e1metro \"desc\" de loadstatic.cgi, (3) el par\u00e1metro \"name\" de httpdcfg.cgi, (4) el par\u00e1metro \"dns\" de servercfg.cgi."}], "lastModified": "2010-06-18T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07F604B-CCDD-4F78-93FA-C63273EAD480"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}