CVE-2010-2103
Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
Public Exploits: 5
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Timeline
- 2010-05-21 First Exploit
- 2010-05-27 CVE Reserved
- 2010-05-27 CVE Published
- 2024-04-14 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (11)
URL | Tag | Source |
---|---|---|
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf | X_refsource_misc | |
http://www.securityfocus.com/archive/1/511404/100/0/threaded | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/58790 | Vdb Entry | |
https://kb.juniper.net/KB27373 | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/12689 | 2010-05-21 | |
http://osvdb.org/64844 | 2024-08-07 | |
http://www.exploit-db.com/exploits/12689 | 2024-08-07 | |
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03 | 2024-08-07 | |
http://www.securityfocus.com/bid/40327 | 2024-08-07 | |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/39906 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2010/1215 | 2018-10-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Apache | Axis2 | 1.4.1 | - | Affected | in | 3com | Intelligent Management Center | * | - | Safe |
Apache | Axis2 | 1.4.1 | - | Affected | in | SAP | Business Objects | 12 | - | Safe |
Apache | Axis2 | 1.5.1 | - | Affected | in | 3com | Intelligent Management Center | * | - | Safe |
Apache | Axis2 | 1.5.1 | - | Affected | in | SAP | Business Objects | 12 | - | Safe |
Apache | Axis2 | 1.4.1 | - | Affected | | | | | | |
Apache | Axis2 | 1.5.1 | - | Affected | | | | | | |