CVE-2010-4873 — MEDIUM (4.3)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Webidsupport	Webid	0.8.5

Related Weaknesses (CWE)

CWE-79

References

http://osvdb.org/69103Exploit
http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txtExploit
http://secunia.com/advisories/42171Vendor Advisory
http://securityreason.com/securityalert/8429
http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.ScrExploit
http://www.securityfocus.com/bid/44765Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/63152
http://osvdb.org/69103Exploit
http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txtExploit
http://secunia.com/advisories/42171Vendor Advisory
http://securityreason.com/securityalert/8429
http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.ScrExploit
http://www.securityfocus.com/bid/44765Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/63152

FAQ

What is CVE-2010-4873?

CVE-2010-4873 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

How severe is CVE-2010-4873?

CVE-2010-4873 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-4873?

Check the references section above for vendor advisories and patch information. Affected products include: Webidsupport Webid.