CVE-2010-1625

EUVD-2010-1648
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
malcom_boxlxr_cross_referencer
𝑥
≤ 0.9.6
malcom_boxlxr_cross_referencer
0.3
malcom_boxlxr_cross_referencer
0.3.1
malcom_boxlxr_cross_referencer
0.7
malcom_boxlxr_cross_referencer
0.8
malcom_boxlxr_cross_referencer
0.9
malcom_boxlxr_cross_referencer
0.9.1
malcom_boxlxr_cross_referencer
0.9.2
malcom_boxlxr_cross_referencer
0.9.3
malcom_boxlxr_cross_referencer
0.9.4
malcom_boxlxr_cross_referencer
0.9.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lxr-cvs
dapper
ignored
hardy
ignored
jaunty
ignored
karmic
ignored
lucid
ignored
maverick
dne
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
http://marc.info/?l=oss-security&m=127289957223005&w=2
http://marc.info/?l=oss-security&m=127316953819027&w=2
http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download
http://www.openwall.com/lists/oss-security/2010/05/03/7
http://www.openwall.com/lists/oss-security/2010/05/06/2
http://www.openwall.com/lists/oss-security/2010/05/14/3
http://marc.info/?l=oss-security&m=127289957223005&w=2
http://marc.info/?l=oss-security&m=127316953819027&w=2
http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download
http://www.openwall.com/lists/oss-security/2010/05/03/7
http://www.openwall.com/lists/oss-security/2010/05/06/2
http://www.openwall.com/lists/oss-security/2010/05/14/3