CVE-2010-0152
Proventia Network Mail Security System Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Local Management Interface (LMI) en el dispositivo IBM Proventia Network Mail Security System (PNMSS), con firmware anterior a la versión 2.5.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) el parámetro date1 para pvm_messagestore.php, (2) el parámetro userfilter para pvm_user_management.php, (3) el parámetro ping para sys_tools.php en una acción sys_ping.php, (4) el parámetro action para pvm_cert_commaction.php, (5) el parámetro action para pvm_cert_serveraction.php, (6) el parámetro action para pvm_smtpstore.php, (7) el parámetro l para sla/index.php o (8) datos almacenados no especificados; y permitir a atacantes remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante (9) filtros de búsqueda almacenados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-01-04 CVE Reserved
- 2010-09-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/513629/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| http://www.ventuneac.net/security-advisories/MVSA-10-007 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Proventia Network Mail Security System Virtual Appliance Search vendor "Ibm" for product "Proventia Network Mail Security System Virtual Appliance" | * | - |
Affected
| in | Ibm Search vendor "Ibm" | Proventia Network Mail Security System Virtual Appliance Firmware Search vendor "Ibm" for product "Proventia Network Mail Security System Virtual Appliance Firmware" | 1.6 Search vendor "Ibm" for product "Proventia Network Mail Security System Virtual Appliance Firmware" and version "1.6" | - |
Affected
|
| Ibm Search vendor "Ibm" | Proventia Network Mail Security System Virtual Appliance Search vendor "Ibm" for product "Proventia Network Mail Security System Virtual Appliance" | * | - |
Affected
| in | Ibm Search vendor "Ibm" | Proventia Network Mail Security System Virtual Appliance Firmware Search vendor "Ibm" for product "Proventia Network Mail Security System Virtual Appliance Firmware" | 2.5 Search vendor "Ibm" for product "Proventia Network Mail Security System Virtual Appliance Firmware" and version "2.5" | - |
Affected
|