CVE-2010-0726

Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.
Cross-site Scripting
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
tdiarytdiary
𝑥
≤ 2.2.2
tdiarytdiary
2.0.1
tdiarytdiary
2.0.2
tdiarytdiary
2.0.3
tdiarytdiary
2.1.1
tdiarytdiary
2.1.4.2006-11-15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tdiary
bullseye
5.1.5-1
fixed
bookworm
5.2.3-2
fixed
sid
5.3.0-1
fixed
trixie
5.3.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tdiary
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
Fixed 2.2.1-1+lenny1build0.9.10.1
released
jaunty
Fixed 2.2.1-1+lenny1build0.9.04.1
released
intrepid
Fixed 2.2.1-1+lenny1build0.8.10.1
released
hardy
ignored
dapper
ignored