CVE-2009-4944

{"id": "CVE-2009-4944", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-07-22T05:40:07.377", "references": [{"url": "http://secunia.com/advisories/35173", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/54799", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/54800", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50834", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35173", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/54799", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/54800", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50834", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "M\u00faltiples secuencias de comandos en sitios cruzados (XSS) en ATRC ACollab v1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del (1) par\u00e1metro address a profile.php o (2) par\u00e1metro description a events/add_event.php. Nota: la procedencia de esta informaci\u00f3n es desconocida, los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T01:10:49.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atutor:acollab:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95F25B55-C852-450E-96EF-FE603BCB3A6C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}