CVE-2010-4405 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Vendor	Product	Version
anything-digital	sh404sef	𝑥 ≤ 2.1.7.761
anything-digital	sh404sef	1.5.2.255
anything-digital	sh404sef	1.5.3.296
anything-digital	sh404sef	1.5.4.302
anything-digital	sh404sef	1.5.5.388
anything-digital	sh404sef	1.5.6.398
anything-digital	sh404sef	1.5.7.407
anything-digital	sh404sef	1.5.8.432
anything-digital	sh404sef	1.5.9.434
anything-digital	sh404sef	1.5.10.446
anything-digital	sh404sef	1.5.11.459
anything-digital	sh404sef	1.5.12.464
anything-digital	sh404sef	2.0.0:rc522
anything-digital	sh404sef	2.0.1.531
anything-digital	sh404sef	2.0.2.542
anything-digital	sh404sef	2.0.3.545
anything-digital	sh404sef	2.1.0.641
anything-digital	sh404sef	2.1.1.644
anything-digital	sh404sef	2.1.2.649
anything-digital	sh404sef	2.1.3.680
anything-digital	sh404sef	2.1.4.734
anything-digital	sh404sef	2.1.5.746
anything-digital	sh404sef	2.1.6.749

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5/

http://secunia.com/advisories/42430

http://twitter.com/jeffchannell/status/8603529560195072

http://www.securityfocus.com/bid/45135

http://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5/

http://secunia.com/advisories/42430

http://twitter.com/jeffchannell/status/8603529560195072

http://www.securityfocus.com/bid/45135