CVE-2010-4749

{"id": "CVE-2010-4749", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-03-01T22:00:01.253", "references": [{"url": "http://blogcms.com/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.org/files/view/96731/blogcms-xsrfxss.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8112", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/15743", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_blogcms.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms_1.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://blogcms.com/", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.org/files/view/96731/blogcms-xsrfxss.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/8112", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/15743", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_blogcms.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms_1.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en BLOG:CMS 4.2.1.e y posiblemente versiones anteriores. Permiten a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de el (1) par\u00e1metro body de action.php y los par\u00e1metros (2) amount y (3) action de admin/index.php."}], "lastModified": "2024-11-21T01:21:40.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blogcms:blog\\:cms:4.2.1.e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED3D8F7B-76EF-400B-AF35-EBE25F6022E7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}