Vulnerability Details CVE-2010-4607
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.0%
CVSS Severity
CVSS v2 Score 2.6
References
- http://secunia.com/advisories/42688
- http://wiki.habariproject.org/en/Release_0.6.6
- http://www.exploit-db.com/exploits/15799
- http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.html
- http://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html
- http://secunia.com/advisories/42688
- http://wiki.habariproject.org/en/Release_0.6.6
- http://www.exploit-db.com/exploits/15799
- http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.html
- http://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html
Products affected by CVE-2010-4607
-
cpe:2.3:a:habariproject:habari:0.6.5