CVE-2010-1080
published 2010-03-23CVE-2010-1080: Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
PriorityP414medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.11%
61.8th percentile
Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pulsecms | pulse_cms | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Pulse CMS 1.2.2 view.php f cross site scripting (XFDB-56430 / BID-38356)
vuldb·2026-05-03·CVSS 4.3
CVE-2010-1080 [MEDIUM] Pulse CMS 1.2.2 view.php f cross site scripting (XFDB-56430 / BID-38356)
A vulnerability was found in Pulse CMS 1.2.2 and classified as problematic. The affected element is an unknown function of the file view.php. Such manipulation of the argument f leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2010-1080. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-h4xj-2367-pw6c: Cross-site scripting (XSS) vulnerability in view
ghsa_unreviewed·2022-05-02
CVE-2010-1080 [MEDIUM] CWE-79 GHSA-h4xj-2367-pw6c: Cross-site scripting (XSS) vulnerability in view
Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
Red Hat
fastjar: directory traversal vulnerabilities
vendor_redhat·2010-06-06·CVSS 5.0
CVE-2010-0831 [MEDIUM] fastjar: directory traversal vulnerabilities
fastjar: directory traversal vulnerabilities
Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Package: gcc (Red Hat Enterprise Linux 4) - Will not fix
Package: gcc4 (Red Hat Enterprise Linux 4) - Will not fix
Package: gcc44 (Red Hat Enterprise Linux 5) - Not affected
Package: gcc (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/62475http://packetstormsecurity.org/1002-exploits/pulsecms-xss.txthttp://secunia.com/advisories/38650http://www.securityfocus.com/bid/38356https://exchange.xforce.ibmcloud.com/vulnerabilities/56430http://osvdb.org/62475http://packetstormsecurity.org/1002-exploits/pulsecms-xss.txthttp://secunia.com/advisories/38650http://www.securityfocus.com/bid/38356https://exchange.xforce.ibmcloud.com/vulnerabilities/56430
2010-03-23
Published