NVD

Id
14453  
Name
CVE-2010-3023  
Description
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2010-08-16  
Modified Date
2012-02-15  
Seq
2010-3023  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
79965 14453 CVE-2010-3023 http://dev.hulihanapplications.com/issues/show/211  View
79966 14453 CVE-2010-3023 http://dev.hulihanapplications.com/issues/show/213  View
79967 14453 CVE-2010-3023 http://packetstormsecurity.org/1008-exploits/diamondlist-xssxsrf.txt  View
79968 14453 CVE-2010-3023 http://www.htbridge.ch/advisory/xss_vulnerability_in_diamondlist.html  View
79969 14453 CVE-2010-3023 http://www.htbridge.ch/advisory/xss_vulnerability_in_diamondlist_1.html  View
79970 14453 CVE-2010-3023 20100805 XSS vulnerability in DiamondList  View
79971 14453 CVE-2010-3023 20100805 XSS vulnerability in DiamondList  View
79972 14453 CVE-2010-3023 42252  View
79973 14453 CVE-2010-3023 ADV-2010-2025  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
38476 JVNDB-2010-004261 DiamondList におけるクロスサイトスクリプティングの脆弱性 DiamondList には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2010-3023 45603 CVE-2010-3023 14453 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004261.html 2010-08-16 2012-06-26 View