| Vulnerability Name: | CVE-2010-3890 (CCN-63136) | ||||||||
| Assigned: | 2010-11-09 | ||||||||
| Published: | 2010-11-09 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Nov 09 2010 - 03:15:19 CST IBM OmniFind - several vulnerabilities Source: MITRE Type: CNA CVE-2010-3890 Source: CCN Type: SA42119 IBM OmniFind Enterprise Edition Multiple Vulnerabilities Source: CCN Type: Fatih Kilic IBM OmniFind several issues Source: MISC Type: Exploit http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt Source: CCN Type: IBM Web site OmniFind Enterprise Edition Source: CCN Type: IBM Security Bulletin 1457083 Solutions for security vulnerabilities in OmniFind Enterprise Edition Source: CCN Type: OSVDB ID: 69243 IBM OmniFind ESAdmin/collection.do command Parameter XSS Source: BUGTRAQ Type: UNKNOWN 20101109 IBM OmniFind - several vulnerabilities Source: BID Type: Exploit 44740 Source: CCN Type: BID-44740 RETIRED: IBM OmniFind Multiple Vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2010-2933 Source: XF Type: UNKNOWN omnifind-collection-xss(63136) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||