CVE-2010-2856
Published Jul 25, 2010
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oscss:oscss:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76C3C14B-B5D9-4D9B-8167-0EBAA825A92D",
"versionEndIncluding": "1.2.2"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66B5BAE7-9B43-4734-98ED-AEC199867C77"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.0.1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "916E18FC-0C8C-4D1E-BCE1-FE6D63C46E5D"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.1:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EA8942B-EFFF-42C7-96FB-C3B5951DC1E1"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A90BA54A-04E5-416F-96BB-615FBD3DA81A"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4ECDF95-A465-49F4-84F3-FE787D67C068"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.2.2:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "459F4928-B164-4E67-B1CF-CF7BEEA0D6DC"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.2.2:rca:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2537C8B3-5D8A-431C-AE12-4B7B1FCBA9F5"
}
],
"operator": "OR"
}
]
}
]