CVE-2010-2858

EUVD-2010-2862
Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
boesch-itsimpnews
𝑥
≤ 2.47.03
boesch-itsimpnews
2.0.1
boesch-itsimpnews
2.13
boesch-itsimpnews
2.30
boesch-itsimpnews
2.30.2
boesch-itsimpnews
2.30.6
boesch-itsimpnews
2.31.0
boesch-itsimpnews
2.32.0
boesch-itsimpnews
2.32.1
boesch-itsimpnews
2.33.0
boesch-itsimpnews
2.33.01
boesch-itsimpnews
2.34
boesch-itsimpnews
2.34.0
boesch-itsimpnews
2.34.01
boesch-itsimpnews
2.35.00
boesch-itsimpnews
2.36.00
boesch-itsimpnews
2.37.00
boesch-itsimpnews
2.37.01
boesch-itsimpnews
2.37.02
boesch-itsimpnews
2.38
boesch-itsimpnews
2.38.02
boesch-itsimpnews
2.38.03
boesch-itsimpnews
2.38.04
boesch-itsimpnews
2.39.0
boesch-itsimpnews
2.40.01
boesch-itsimpnews
2.41.0
boesch-itsimpnews
2.41.02
boesch-itsimpnews
2.41.03
boesch-itsimpnews
2.42.0
boesch-itsimpnews
2.42.01
boesch-itsimpnews
2.44.00
boesch-itsimpnews
2.47.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt
http://secunia.com/advisories/40501
http://websecurity.com.ua/4245/
http://www.securityfocus.com/archive/1/512271/100/0/threaded
http://www.securityfocus.com/bid/41517
https://exchange.xforce.ibmcloud.com/vulnerabilities/60244
http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt
http://secunia.com/advisories/40501
http://websecurity.com.ua/4245/
http://www.securityfocus.com/archive/1/512271/100/0/threaded
http://www.securityfocus.com/bid/41517
https://exchange.xforce.ibmcloud.com/vulnerabilities/60244