CVE-2010-2316

{"id": "CVE-2010-2316", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-06-17T16:30:02.123", "references": [{"url": "http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/13739", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/40593", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/1361", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/13739", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/40593", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/1361", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en default.asp en WmsCms v2.0 y anteriores permiten a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) search, (2) sbr, (3) p, y (4) sbl, diferentes vectores de CVE-2007-3137."}], "lastModified": "2024-11-21T01:16:23.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wmsdesign:wmscms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8A066AC-1C8D-4787-8764-140CA170F4AA", "versionEndIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}