exploitDog

CVE-2010-2267

Опубликовано: 15 июн. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.

Ссылки

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf
Exploit
http://www.kb.cert.org/vuls/id/245081
US Government Resource
http://www.ioactive.com/pdfs/AccoriaWebServer.pdf
Exploit
http://www.kb.cert.org/vuls/id/245081
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00295

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rvc9-rp6m-f7w6

github

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.

EPSS

Процентиль: 52%

0.00295

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79