Vulnerability Details CVE-2010-4109
Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.1%
CVSS Severity
CVSS v2 Score 4.3
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302
- http://www.securitytracker.com/id?1024827
- http://www.vupen.com/english/advisories/2010/3131
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302
- http://www.securitytracker.com/id?1024827
- http://www.vupen.com/english/advisories/2010/3131
Products affected by CVE-2010-4109
-
cpe:2.3:o:hp:palm_webos:1.4.1
-
cpe:2.3:o:hp:palm_webos:1.4.5