CVE-2010-2718

{"id": "CVE-2010-2718", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-07-13T18:30:02.140", "references": [{"url": "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/512243/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/41495", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/1709", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en CruxSoftware CruxPA v2.00, y posiblemente versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de lso par\u00e1metros (1) txtusername a login.php, (2) todo a newtodo.php, y vectores no especificados en (3) newtelephone.php y(4) newappointment.php."}], "lastModified": "2018-10-10T19:59:58.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cruxsoftware:cruxpa:2.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C78D740D-9685-43B1-BF03-BC87904FF033"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}