CVE-2010-1048
published 2010-03-23CVE-2010-1048: Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.45%
70.1th percentile
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Uiga Business Portal blog/index.php textcomment cross site scripting (EDB-11357 / SA38430)
vuldb·2026-05-03·CVSS 4.3
CVE-2010-1048 [MEDIUM] Uiga Business Portal blog/index.php textcomment cross site scripting (EDB-11357 / SA38430)
A vulnerability described as problematic has been identified in Uiga Business Portal. Impacted is an unknown function of the file blog/index.php. Executing a manipulation of the argument textcomment can lead to cross site scripting.
This vulnerability appears as CVE-2010-1048. The attack may be performed from remote. In addition, an exploit is available.
GHSA
GHSA-5mcc-54x4-8c4q: Cross-site scripting (XSS) vulnerability in blog/index
ghsa_unreviewed·2022-05-02
CVE-2010-1048 [MEDIUM] CWE-79 GHSA-5mcc-54x4-8c4q: Cross-site scripting (XSS) vulnerability in blog/index
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information.
No detection rules found.
No writeups or analysis indexed.
2010-03-23
Published