CVE-2010-3931

Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
rocomotionp_board
𝑥
≤ 1.18
rocomotionp_diary_r
𝑥
≤ 1.13
rocomotionp_forum
𝑥
≤ 1.30
rocomotionp_link
𝑥
≤ 1.11
rocomotionp_link_compact
𝑥
≤ 1.04
rocomotionp_up_board
𝑥
≤ 1.38
rocomotionpm_bbs
𝑥
≤ 1.07
rocomotionpm_forum
𝑥
≤ 1.18
rocomotionpplog
𝑥
≤ 3.31
rocomotionpplog_2
𝑥
≤ 3.37
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://another.rocomotion.jp/12949466953653.html
http://jvn.jp/en/jp/JVN09115481/index.html
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html
http://osvdb.org/70495
http://secunia.com/advisories/42957
http://www.securityfocus.com/bid/45838
https://exchange.xforce.ibmcloud.com/vulnerabilities/64745
http://another.rocomotion.jp/12949466953653.html
http://jvn.jp/en/jp/JVN09115481/index.html
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html
http://osvdb.org/70495
http://secunia.com/advisories/42957
http://www.securityfocus.com/bid/45838
https://exchange.xforce.ibmcloud.com/vulnerabilities/64745