CVE-2010-3447

Published Apr 4, 2011

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:horde:gollem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25126D4F-6975-4367-BDFD-C3F86006B624",
            "versionEndIncluding": "1.1.1"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4E0E674-5CA7-4E8E-8F09-27DE07163FDE"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0899ECCC-53EA-4E92-A594-3F794686BEFD"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9456DF5-F5A8-4C7F-996E-92460D92186D"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F97B4D7-857D-4069-9C53-7FB8608023D5"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B98920D-0D45-4F2B-B831-2F9EEA40FF69"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6AA3B89-CD83-48FB-BD7D-C64FBF343FC5"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3EFA3DB-2ED5-4943-8A90-3E32F138CD07"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "432CED74-A45B-48C9-8B6F-CD47C199C0F0"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F659E87A-C13C-42DD-B879-C816F8B5934B"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75CC2297-8F92-4A52-9B4C-676180BD2EA3"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C85F9C7B-05EC-45E2-B3EA-95203DE39123"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15C21375-373D-4EA4-AE2F-10F5074A752B"
          },
          {
            "criteria": "cpe:2.3:a:horde:gollem:1.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6E0BBC8-E171-4B0C-9423-7556DDB84A07"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References