CVE-2010-5064

{"id": "CVE-2010-5064", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-10-08T10:47:44.683", "references": [{"url": "http://dmcdonald.net/vwar.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2010/Aug/235", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Virtual War (tambi\u00e9n conocido como VWar) v1.6.1 R2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) El campo Additional Information sobre challenge.php, el campo (2) Additional Information o (3) Contact information sobre joinus.php, (4) el campo War Report sobre admin/admin.php en una acci\u00f3n finishwar, o (5) el campo Nick sobre profile.php.\r\n"}], "lastModified": "2012-10-08T10:47:44.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F27251B8-7B01-4D5E-8858-76C875E2B581"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}