CVE-2010-1625

Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
malcom_boxlxr_cross_referencer
𝑥
≤ 0.9.6
malcom_boxlxr_cross_referencer
0.3
malcom_boxlxr_cross_referencer
0.3.1
malcom_boxlxr_cross_referencer
0.7
malcom_boxlxr_cross_referencer
0.8
malcom_boxlxr_cross_referencer
0.9
malcom_boxlxr_cross_referencer
0.9.1
malcom_boxlxr_cross_referencer
0.9.2
malcom_boxlxr_cross_referencer
0.9.3
malcom_boxlxr_cross_referencer
0.9.4
malcom_boxlxr_cross_referencer
0.9.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lxr-cvs
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
dne
maverick
dne
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://marc.info/?l=oss-security&m=127289957223005&w=2
http://marc.info/?l=oss-security&m=127316953819027&w=2
http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download
http://www.openwall.com/lists/oss-security/2010/05/03/7
http://www.openwall.com/lists/oss-security/2010/05/06/2
http://www.openwall.com/lists/oss-security/2010/05/14/3
http://marc.info/?l=oss-security&m=127289957223005&w=2
http://marc.info/?l=oss-security&m=127316953819027&w=2
http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download
http://www.openwall.com/lists/oss-security/2010/05/03/7
http://www.openwall.com/lists/oss-security/2010/05/06/2
http://www.openwall.com/lists/oss-security/2010/05/14/3