NVD

Id
14288  
Name
CVE-2010-2854  
Description
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2010-07-24  
Modified Date
2010-07-26  
Seq
2010-2854  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
79019 14288 CVE-2010-2854 http://freshmeat.net/projects/eventh/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
39187 JVNDB-2010-004972 EVH の modfile.php におけるクロスサイトスクリプティングの脆弱性 Event Horizon (EVH) の modfile.php は、magic_quotes_gpc が無効になっている際、forced SQL 内で適切に処理しないため、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2010-2854 45434 CVE-2010-2854 14288 2.6 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004972.html 2010-07-24 2012-09-25 View