CVE-2010-2858

  • Last update: Apr 13, 2023

Description

Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.

Software From Fixed in
boesch-it / simpnews 2.42.0 2.42.0.x
boesch-it / simpnews 2.13 2.13.x
boesch-it / simpnews 2.30.6 2.30.6.x
boesch-it / simpnews 2.41.0 2.41.0.x
boesch-it / simpnews 2.32.1 2.32.1.x
boesch-it / simpnews 2.42.01 2.42.01.x
boesch-it / simpnews 2.33.01 2.33.01.x
boesch-it / simpnews 2.39.0 2.39.0.x
boesch-it / simpnews 2.38.03 2.38.03.x
boesch-it / simpnews 2.41.03 2.41.03.x
boesch-it / simpnews 2.34.01 2.34.01.x
boesch-it / simpnews 2.30 2.30.x
boesch-it / simpnews 2.47.00 2.47.00.x
boesch-it / simpnews 2.38.04 2.38.04.x
boesch-it / simpnews 2.34 2.34.x
boesch-it / simpnews 2.33.0 2.33.0.x
boesch-it / simpnews 2.40.01 2.40.01.x
boesch-it / simpnews 2.34.0 2.34.0.x
boesch-it / simpnews 2.36.00 2.36.00.x
boesch-it / simpnews 2.37.02 2.37.02.x
boesch-it / simpnews 2.31.0 2.31.0.x
boesch-it / simpnews - 2.47.03.x
boesch-it / simpnews 2.41.02 2.41.02.x
boesch-it / simpnews 2.37.00 2.37.00.x
boesch-it / simpnews 2.38 2.38.x
boesch-it / simpnews 2.44.00 2.44.00.x
boesch-it / simpnews 2.32.0 2.32.0.x
boesch-it / simpnews 2.35.00 2.35.00.x
boesch-it / simpnews 2.38.02 2.38.02.x
boesch-it / simpnews 2.0.1 2.0.1.x
boesch-it / simpnews 2.37.01 2.37.01.x
boesch-it / simpnews 2.30.2 2.30.2.x

Details

    • Severity: Low
  • CVE: CVE-2010-2858
  • Published: Jul 25, 2010
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v2

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs

OWASP TOP 10