[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2103Date: (C)2010-05-27   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
EXPLOIT-DB-12689
http://www.securityfocus.com/archive/1/511404/100/0/threaded
SECUNIA-39906
BID-40327
OSVDB-64844
ADV-2010-1215
axis2-modules-xss(58790)
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
https://kb.juniper.net/KB27373

CPE    2
cpe:/a:apache:axis2:1.4.1
cpe:/a:apache:axis2:1.5.1
CWE    1
CWE-79

© SecPod Technologies