4.3

CVE-2010-2463

Exploit
Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JamroomJamroom Version <= 4.1.8
JamroomJamroom Version1.0
JamroomJamroom Version1.0 Updateb1
JamroomJamroom Version1.0 Updateb2
JamroomJamroom Version1.0 Updateb3
JamroomJamroom Version1.0 Updateb4
JamroomJamroom Version1.0 Updateb5
JamroomJamroom Version2.0.9
JamroomJamroom Version2.0.9 Updatea
JamroomJamroom Version2.6.10
JamroomJamroom Version2.6.11
JamroomJamroom Version2.6.12
JamroomJamroom Version2.60
JamroomJamroom Version2.60 Updaterc2
JamroomJamroom Version2.60 Updaterc3
JamroomJamroom Version2.61
JamroomJamroom Version2.62
JamroomJamroom Version2.63
JamroomJamroom Version2.64
JamroomJamroom Version2.65
JamroomJamroom Version2.66
JamroomJamroom Version2.67
JamroomJamroom Version2.68
JamroomJamroom Version2.69
JamroomJamroom Version3.0
JamroomJamroom Version3.0 Updateb1
JamroomJamroom Version3.0 Updateb2
JamroomJamroom Version3.0 Updateb3
JamroomJamroom Version3.0 Updateb4
JamroomJamroom Version3.0 Updateb5
JamroomJamroom Version3.0 Updateb6
JamroomJamroom Version3.0 Updateb7
JamroomJamroom Version3.0 Updateb8
JamroomJamroom Version3.0.1
JamroomJamroom Version3.0.2
JamroomJamroom Version3.0.3
JamroomJamroom Version3.0.4
JamroomJamroom Version3.0.5
JamroomJamroom Version3.0.6
JamroomJamroom Version3.0.7
JamroomJamroom Version3.0.8
JamroomJamroom Version3.0.9
JamroomJamroom Version3.0.10
JamroomJamroom Version3.0.11
JamroomJamroom Version3.0.12
JamroomJamroom Version3.0.13
JamroomJamroom Version3.0.14
JamroomJamroom Version3.0.15
JamroomJamroom Version3.0.16
JamroomJamroom Version3.0.17
JamroomJamroom Version3.0.18
JamroomJamroom Version3.0.19
JamroomJamroom Version3.0.20
JamroomJamroom Version3.0.21
JamroomJamroom Version3.0.22
JamroomJamroom Version3.0.23
JamroomJamroom Version3.0.24
JamroomJamroom Version3.0.25
JamroomJamroom Version3.0.26
JamroomJamroom Version3.0.27
JamroomJamroom Version3.0.28
JamroomJamroom Version3.0.29
JamroomJamroom Version3.0.30
JamroomJamroom Version3.1.0
JamroomJamroom Version3.1.0 Updateb1
JamroomJamroom Version3.1.0 Updateb2
JamroomJamroom Version3.1.0 Updateb3
JamroomJamroom Version3.1.1
JamroomJamroom Version3.1.2
JamroomJamroom Version3.1.3
JamroomJamroom Version3.1.4
JamroomJamroom Version3.1.5
JamroomJamroom Version3.2.0
JamroomJamroom Version3.2.1
JamroomJamroom Version3.2.2
JamroomJamroom Version3.2.3
JamroomJamroom Version3.2.4
JamroomJamroom Version3.2.5
JamroomJamroom Version3.2.6
JamroomJamroom Version3.3.0
JamroomJamroom Version3.3.1
JamroomJamroom Version3.3.2
JamroomJamroom Version3.3.3
JamroomJamroom Version3.3.4
JamroomJamroom Version3.3.5
JamroomJamroom Version3.3.6
JamroomJamroom Version3.3.7
JamroomJamroom Version3.3.8
JamroomJamroom Version3.4.0
JamroomJamroom Version4.0.2
JamroomJamroom Version4.0.3
JamroomJamroom Version4.0.4
JamroomJamroom Version4.0.5
JamroomJamroom Version4.0.6
JamroomJamroom Version4.0.7
JamroomJamroom Version4.0.8
JamroomJamroom Version4.0.9
JamroomJamroom Version4.0.10
JamroomJamroom Version4.0.11
JamroomJamroom Version4.0.12
JamroomJamroom Version4.0.13
JamroomJamroom Version4.0.14
JamroomJamroom Version4.1.0
JamroomJamroom Version4.1.1
JamroomJamroom Version4.1.2
JamroomJamroom Version4.1.3
JamroomJamroom Version4.1.4
JamroomJamroom Version4.1.5
JamroomJamroom Version4.1.6
JamroomJamroom Version4.1.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.34
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.