CVE-2010-4355:dadabik: Cross-site scripting (XSS) vulnerability in DaDaBIK...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4355

dadabik: Cross-site scripting (XSS) vulnerability in DaDaBIK...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4355

Original

Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-01

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-02

Affected Product Tags

cpe:/a:dadabik:dadabik:1.0.1:beta

cpe:/a:dadabik:dadabik:1.0.2:beta

cpe:/a:dadabik:dadabik:1.0.3:beta

cpe:/a:dadabik:dadabik:1.0.4:beta

cpe:/a:dadabik:dadabik:1.0.5:beta

cpe:/a:dadabik:dadabik:1.0:beta

cpe:/a:dadabik:dadabik:1.1:beta

cpe:/a:dadabik:dadabik:1.5

cpe:/a:dadabik:dadabik:1.5b

cpe:/a:dadabik:dadabik:1.6

cpe:/a:dadabik:dadabik:1.7

cpe:/a:dadabik:dadabik:1.8

cpe:/a:dadabik:dadabik:1.9

cpe:/a:dadabik:dadabik:1.9.1

cpe:/a:dadabik:dadabik:2.0.1:beta

cpe:/a:dadabik:dadabik:2.0:beta

cpe:/a:dadabik:dadabik:2.1:beta

cpe:/a:dadabik:dadabik:2.1b:beta

cpe:/a:dadabik:dadabik:2.2.1

cpe:/a:dadabik:dadabik:2.2.1:beta

cpe:/a:dadabik:dadabik:2.2:beta

cpe:/a:dadabik:dadabik:3.0

cpe:/a:dadabik:dadabik:3.0:beta

cpe:/a:dadabik:dadabik:3.1:beta

cpe:/a:dadabik:dadabik:3.2

cpe:/a:dadabik:dadabik:3.2:beta

cpe:/a:dadabik:dadabik:4.0

cpe:/a:dadabik:dadabik:4.0:alpha

cpe:/a:dadabik:dadabik:4.0:beta

cpe:/a:dadabik:dadabik:4.0:beta2

cpe:/a:dadabik:dadabik:4.1

cpe:/a:dadabik:dadabik:4.1:beta

cpe:/a:dadabik:dadabik:4.1:rc1

cpe:/a:dadabik:dadabik:4.1:rc2

cpe:/a:dadabik:dadabik:4.1:rc3

cpe:/a:dadabik:dadabik:4.2

cpe:/a:dadabik:dadabik:4.2:beta

cpe:/a:dadabik:dadabik:4.3:alpha

cpe:/a:dadabik:dadabik:4.3:beta

cpe:/a:dadabik:dadabik:4.3:beta2

cpe:/a:dadabik:dadabik:4.3:beta_rc1 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 44826

CONFIRM http://www.dadabik.org/index.php?function=show_changelog

SECUNIA 42220

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)

XF dadabik-selectsingle-xss(63219)