NVD

Id
14225  
Name
CVE-2010-2790  
Description
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2010-08-05  
Modified Date
2010-08-05  
Seq
2010-2790  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
78685 14225 CVE-2010-2790 42017  View
78686 14225 CVE-2010-2790 ADV-2010-1908  View
78687 14225 CVE-2010-2790 http://www.zabbix.com/forum/showthread.php?p=68770  View
78688 14225 CVE-2010-2790 zabbix-classcurl-xss(60772)  View
78689 14225 CVE-2010-2790 https://support.zabbix.com/browse/ZBX-2326  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36177 JVNDB-2010-001957 Zabbix の formatQuery 関数におけるクロスサイトスクリプティングの脆弱性 Zabbix の frontends/php/include/classes/class.curl.php 内にある formatQuery 関数には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2010-2790 45370 CVE-2010-2790 14225 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001957.html 2010-06-09 2010-09-07 View