CVE-2010-1095
published 2010-03-24CVE-2010-1095: Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.33%
81.4th percentile
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jan_schutze | truc | <= 0.11.0 | — |
| jan_schutze | truc | — | — |
| jan_schutze | truc | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Jan Schutze TRUC 0.9.0/0.10.0/0.11.0 login_reset_password_page.php Error cross site scripting (EDB-33679 / ID 12433)
vuldb·2026-05-03·CVSS 4.3
CVE-2010-1095 [MEDIUM] Jan Schutze TRUC 0.9.0/0.10.0/0.11.0 login_reset_password_page.php Error cross site scripting (EDB-33679 / ID 12433)
A vulnerability classified as problematic was found in Jan Schutze TRUC 0.9.0/0.10.0/0.11.0. Impacted is an unknown function of the file login_reset_password_page.php. The manipulation of the argument Error results in cross site scripting.
This vulnerability is reported as CVE-2010-1095. The attack can be launched remotely. Moreover, an exploit is present.
GHSA
GHSA-gxvh-4whm-hw8p: Cross-site scripting (XSS) vulnerability in login_reset_password_page
ghsa_unreviewed·2022-05-02
CVE-2010-1095 [MEDIUM] CWE-79 GHSA-gxvh-4whm-hw8p: Cross-site scripting (XSS) vulnerability in login_reset_password_page
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
No writeups or analysis indexed.
2010-03-24
Published