Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alberto Pittoni | Alguest | 1.1 |
Related Weaknesses (CWE)
References
- http://evuln.com/vulns/151/summary.htmlExploitPatch
- http://packetstormsecurity.org/files/view/96297/alguest-xss.txtExploit
- http://www.securityfocus.com/archive/1/514960/100/0/threaded
- http://www.securityfocus.com/bid/45140
- http://evuln.com/vulns/151/summary.htmlExploitPatch
- http://packetstormsecurity.org/files/view/96297/alguest-xss.txtExploit
- http://www.securityfocus.com/archive/1/514960/100/0/threaded
- http://www.securityfocus.com/bid/45140
FAQ
What is CVE-2010-4407?
CVE-2010-4407 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (messa...
How severe is CVE-2010-4407?
CVE-2010-4407 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4407?
Check the references section above for vendor advisories and patch information. Affected products include: Alberto Pittoni Alguest.