CVE-2010-4355

EPSS 0.2%
Veröffentlicht 01.12.2010 16:06:13
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dadabik ≫ Dadabik Updatebeta_rc1 Version <= 4.3

Dadabik ≫ Dadabik Version1.0 Updatebeta

Dadabik ≫ Dadabik Version1.0.1 Updatebeta

Dadabik ≫ Dadabik Version1.0.2 Updatebeta

Dadabik ≫ Dadabik Version1.0.3 Updatebeta

Dadabik ≫ Dadabik Version1.0.4 Updatebeta

Dadabik ≫ Dadabik Version1.0.5 Updatebeta

Dadabik ≫ Dadabik Version1.1 Updatebeta

Dadabik ≫ Dadabik Version1.5

Dadabik ≫ Dadabik Version1.5b

Dadabik ≫ Dadabik Version1.6

Dadabik ≫ Dadabik Version1.7

Dadabik ≫ Dadabik Version1.8

Dadabik ≫ Dadabik Version1.9

Dadabik ≫ Dadabik Version1.9.1

Dadabik ≫ Dadabik Version2.0 Updatebeta

Dadabik ≫ Dadabik Version2.0.1 Updatebeta

Dadabik ≫ Dadabik Version2.1 Updatebeta

Dadabik ≫ Dadabik Version2.1b Updatebeta

Dadabik ≫ Dadabik Version2.2 Updatebeta

Dadabik ≫ Dadabik Version2.2.1

Dadabik ≫ Dadabik Version2.2.1 Updatebeta

Dadabik ≫ Dadabik Version3.0

Dadabik ≫ Dadabik Version3.0 Updatebeta

Dadabik ≫ Dadabik Version3.1 Updatebeta

Dadabik ≫ Dadabik Version3.2

Dadabik ≫ Dadabik Version3.2 Updatebeta

Dadabik ≫ Dadabik Version4.0

Dadabik ≫ Dadabik Version4.0 Updatealpha

Dadabik ≫ Dadabik Version4.0 Updatebeta

Dadabik ≫ Dadabik Version4.0 Updatebeta2

Dadabik ≫ Dadabik Version4.1

Dadabik ≫ Dadabik Version4.1 Updatebeta

Dadabik ≫ Dadabik Version4.1 Updaterc1

Dadabik ≫ Dadabik Version4.1 Updaterc2

Dadabik ≫ Dadabik Version4.1 Updaterc3

Dadabik ≫ Dadabik Version4.2

Dadabik ≫ Dadabik Version4.2 Updatebeta

Dadabik ≫ Dadabik Version4.3 Updatealpha

Dadabik ≫ Dadabik Version4.3 Updatebeta

Dadabik ≫ Dadabik Version4.3 Updatebeta2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.392

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/42220

Vendor Advisory

http://www.dadabik.org/index.php?function=show_changelog

http://www.securityfocus.com/bid/44826

https://exchange.xforce.ibmcloud.com/vulnerabilities/63219

https://nvd.nist.gov/vuln/detail/CVE-2010-4355

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4355

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4355

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2010-4355