Vulnerability Description
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Malcom Box | Lxr Cross Referencer | <= 0.9.6 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=oss-security&m=127289957223005&w=2
- http://marc.info/?l=oss-security&m=127316953819027&w=2
- http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download
- http://www.openwall.com/lists/oss-security/2010/05/03/7
- http://www.openwall.com/lists/oss-security/2010/05/06/2
- http://www.openwall.com/lists/oss-security/2010/05/14/3
- http://marc.info/?l=oss-security&m=127289957223005&w=2
- http://marc.info/?l=oss-security&m=127316953819027&w=2
- http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download
- http://www.openwall.com/lists/oss-security/2010/05/03/7
- http://www.openwall.com/lists/oss-security/2010/05/06/2
- http://www.openwall.com/lists/oss-security/2010/05/14/3
FAQ
What is CVE-2010-1625?
CVE-2010-1625 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page...
How severe is CVE-2010-1625?
CVE-2010-1625 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1625?
Check the references section above for vendor advisories and patch information. Affected products include: Malcom Box Lxr Cross Referencer.