CVE-2010-2463

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-2463
Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/40259 Vendor Advisory
http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html Exploit
http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1756 Vendor Advisory
http://www.securityfocus.com/bid/41071 Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jamroom:jamroom:*:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:1.0:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:1.0:b1:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:1.0:b2:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:1.0:b3:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:1.0:b4:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:1.0:b5:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.0.9:a:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.60:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.60:rc2:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.60:rc3:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.61:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.62:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.63:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.64:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.65:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.66:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.67:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.68:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:2.69:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b1:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b2:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b3:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b4:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b5:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b6:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b7:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0:b8:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.19:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.20:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.21:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.22:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.23:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.24:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.25:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.26:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.27:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.28:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.29:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.0.30:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.0:b1:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.0:b2:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.0:b3:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:jamroom:jamroom:4.1.7:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-06-25 21:30

Updated : 2024-02-04 17:54

NVD link : CVE-2010-2463

Mitre link : CVE-2010-2463

CVE.ORG link : CVE-2010-2463

JSON object : View

Products Affected

jamroom

  • jamroom
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')