CVE-2010-4873

Опубликовано: 07 окт. 2011

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Ссылки

http://osvdb.org/69103
Exploit
http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt
Exploit
http://secunia.com/advisories/42171
Vendor Advisory
http://securityreason.com/securityalert/8429
http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62
Exploit
http://www.securityfocus.com/bid/44765
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/63152
http://osvdb.org/69103
Exploit
http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt
Exploit
http://secunia.com/advisories/42171
Vendor Advisory
http://securityreason.com/securityalert/8429
http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62
Exploit
http://www.securityfocus.com/bid/44765
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/63152

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webidsupport:webid:0.8.5:p1:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05426

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4f8j-483g-w9w4

github

больше 3 лет назад