CVE-2010-4275

EUVD-2010-4248
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
dmasoftlabradius_manager
3.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/42364
http://www.exploit-db.com/exploits/15766
http://www.securityfocus.com/bid/45481
https://exchange.xforce.ibmcloud.com/vulnerabilities/64199
http://secunia.com/advisories/42364
http://www.exploit-db.com/exploits/15766
http://www.securityfocus.com/bid/45481
https://exchange.xforce.ibmcloud.com/vulnerabilities/64199