CVE-2010-2856

Published Jul 25, 2010

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oscss:oscss:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76C3C14B-B5D9-4D9B-8167-0EBAA825A92D",
            "versionEndIncluding": "1.2.2"
          },
          {
            "criteria": "cpe:2.3:a:oscss:oscss:1.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66B5BAE7-9B43-4734-98ED-AEC199867C77"
          },
          {
            "criteria": "cpe:2.3:a:oscss:oscss:1.0.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "916E18FC-0C8C-4D1E-BCE1-FE6D63C46E5D"
          },
          {
            "criteria": "cpe:2.3:a:oscss:oscss:1.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EA8942B-EFFF-42C7-96FB-C3B5951DC1E1"
          },
          {
            "criteria": "cpe:2.3:a:oscss:oscss:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A90BA54A-04E5-416F-96BB-615FBD3DA81A"
          },
          {
            "criteria": "cpe:2.3:a:oscss:oscss:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4ECDF95-A465-49F4-84F3-FE787D67C068"
          },
          {
            "criteria": "cpe:2.3:a:oscss:oscss:1.2.2:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "459F4928-B164-4E67-B1CF-CF7BEEA0D6DC"
          },
          {
            "criteria": "cpe:2.3:a:oscss:oscss:1.2.2:rca:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2537C8B3-5D8A-431C-AE12-4B7B1FCBA9F5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References