Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
CVSS Score
LOW (CVSS base score 2.6/10)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Habariproject | Habari | 0.6.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/42688 (Vendor Advisory)
- http://wiki.habariproject.org/en/Release_0.6.6
- http://www.exploit-db.com/exploits/15799 (Exploit)
- http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.html (Exploit)
- http://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html (Exploit)
FAQ
What is CVE-2010-4607?
CVE-2010-4607 is a vulnerability with a CVSS score of 2.6 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter ...
How severe is CVE-2010-4607?
CVE-2010-4607 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4607?
Check the references section above for vendor advisories and patch information. Affected products include: Habariproject Habari.