cve-2010-2957
Vulnerability from cvelistv5
Published
2010-09-10 17:00
Modified
2024-09-17 02:31
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:45.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100829 CVE request: serendipity \u003c 1.5.4 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
},
{
"name": "[oss-security] 20100831 Re: CVE request: serendipity \u003c 1.5.4 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \"Remember me\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-10T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100829 CVE request: serendipity \u003c 1.5.4 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
},
{
"name": "[oss-security] 20100831 Re: CVE request: serendipity \u003c 1.5.4 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \"Remember me\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100829 CVE request: serendipity \u003c 1.5.4 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
},
{
"name": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html",
"refsource": "CONFIRM",
"url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
},
{
"name": "[oss-security] 20100831 Re: CVE request: serendipity \u003c 1.5.4 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2957",
"datePublished": "2010-09-10T17:00:00Z",
"dateReserved": "2010-08-04T00:00:00Z",
"dateUpdated": "2024-09-17T02:31:48.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-2957\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-09-10T18:00:02.080\",\"lastModified\":\"2024-11-21T01:17:43.993\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \\\"Remember me\\\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Serendipity anteriores a v1.5.4, cuando el login \\\"Remenber me\\\" est\u00e1 activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.3\",\"matchCriteriaId\":\"6B90B3D2-8678-4E7D-BEB1-75F57DFCD81F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62233D77-9838-48AB-9A2D-F4EAA9E237EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A6F23BF-1C25-4A5E-9EC4-35A1A821A235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.5:pl1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A65D59D-DDFF-4551-987C-D449A4C6F57A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E7930F0-59AD-45D6-B79D-92DB88EFF4D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.6:pl1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7944B3DC-25B1-47EA-A919-E15DDE829A33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.6:pl2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8739C797-0843-48B3-98E0-35D833A92CA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.6:pl3:*:*:*:*:*:*\",\"matchCriteriaId\":\"894A8EF2-0014-49CB-9947-65E1C3CDE0D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"475C0928-80F3-4DE1-8A75-90C87B24D530\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.6:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A92A7E-A564-459F-8F92-703716C40634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"925A50B9-0CEF-42FF-8359-52BAFB4FEBB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.7:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBBF1CD6-8476-42C9-BAFC-33976EA84AE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.7:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1426E66-CDA6-45A0-AF6C-FB2F0312F53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.7:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A9649C-EF1F-48CA-93F0-74C0F35CC42B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.7:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8AF0430-7807-48F7-9FB2-5C3831BD17D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C9BD9E5-C924-47E1-AA31-ED98B947FEAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C739BCD2-1722-42E0-9560-752DBBF05BC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7515A9A-1FD0-484E-97CB-5969729804DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"99A55A6D-6F6A-4684-8532-F19856D1440F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"20D7A000-A3B7-4047-AB8E-E77732E31EF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8:beta6_snapshot:*:*:*:*:*:*\",\"matchCriteriaId\":\"992EC39E-DB67-4FD2-846A-4387C23031CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40A451C0-D4D8-43FF-BFC9-E525138DCA37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E1F8976-0691-4C47-9BA3-BC01BA808BE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B2FF146-8CEF-48C8-81A3-08B4736DC27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5986FA95-D0F8-4E41-A445-F2F0EFEE872A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22A4B77F-67DC-4D25-8948-0C0B59C38E07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E24AD8E2-AEB7-4D73-9B15-AE0B293A0825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47CE7E31-9C42-434E-B1B7-F38966514405\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"153BD501-C162-4D75-B7B6-41B03D3D4A86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4EA6E64-385D-4CC9-A4DC-D95BA8EDB519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9574CE0E-8B43-4ECD-8812-AE5E0A5DE7F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B62B695-74A2-49AA-87EF-38F129A94755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B027CFC-5E0E-45D3-82BC-8F59F386D188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C6CB12-9D14-4D5C-8FC0-02179436B487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23D55BCF-58D1-48D8-9BA2-2884F6126F8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.1:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C38FD28F-ACEA-4F2D-9CD8-A35349FCF9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"707176E4-B735-4A6A-AC7D-01250663D25D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0132EF3F-F9D8-4CEC-A774-4929B4DE6E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2217392-37F3-4CC6-85DE-33CB8841814F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706E7CF6-C396-4A19-B87C-05BA8C8D9EE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0C422BF-FBDE-4DD2-BB55-868B19890479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.2:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"699268BC-DD83-4569-8859-69296DB9AD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1E92848-05FA-45EE-BD8A-98E337131892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96AD0492-E4D4-4A43-80EF-5F38F62DFF25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B176479-5EFB-4943-801A-676B74C04DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D68BD0B3-FB77-4288-93F4-2E018789D858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE962E7C-08A3-44E4-B06D-E00A03C3DB16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.5:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6517B1A-C1E8-41D6-A93C-35A5328ADA0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91A8DDF5-F344-4810-AAFA-31085CC8ED01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8058BE3F-6C1E-4B6D-922D-909022D897CB\"}]}]}],\"references\":[{\"url\":\"http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/08/29/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/08/31/5\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/08/29/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/08/31/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.