CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 5CVE-2010-2718
https://notcve.org/view.php?id=CVE-2010-2718
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en CruxSoftware CruxPA v2.00, y posiblemente versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de lso parámetros (1) txtusername a login.php, (2) todo a newtodo.php, y vectores no especificados en (3) newtelephone.php y(4) newappointment.php. • http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html http://www.securityfocus.com/archive/1/512243/100/0/threaded http://www.securityfocus.com/bid/41495 http://www.vupen.com/english/advisories/2010/1709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2717
https://notcve.org/view.php?id=CVE-2010-2717
Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) manager/login.php de CruxSoftware CruxCMS v3.0, y posiblemente versiones anteriores, permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro "txtusername". • http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxcms_1.html http://www.securityfocus.com/archive/1/512245/100/0/threaded http://www.vupen.com/english/advisories/2010/1708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •