CVE-2010-5302

Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
Configurations

Configuration 1 (hide)

cpe:2.3:a:binarymoon:timthumb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:22

Type Values Removed Values Added
References () http://www.osvdb.org/71878 - () http://www.osvdb.org/71878 -
References () https://code.google.com/p/timthumb/source/detail?r=88 - () https://code.google.com/p/timthumb/source/detail?r=88 -

Information

Published : 2014-08-21 23:55

Updated : 2024-11-21 01:22


NVD link : CVE-2010-5302

Mitre link : CVE-2010-5302

CVE.ORG link : CVE-2010-5302


JSON object : View

Products Affected

binarymoon

  • timthumb
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')