CVE-2010-2103
published 2010-05-27CVE-2010-2103: Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and…
PriorityP432medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
34.93%
98.2th percentile
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | axis2 | — | — |
| apache | axis2 | — | — |
| debian | axis | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
Axis2: Cross-site scripting (XSS) in the adminstration console
vendor_redhat·2010-05-21·CVSS 4.3
CVE-2010-2103 [MEDIUM] CWE-79 Axis2: Cross-site scripting (XSS) in the adminstration console
Axis2: Cross-site scripting (XSS) in the adminstration console
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Package: axis (Red Hat Enterprise Linux 5) - Not affected
Package: axis (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2010-2103: axis - Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglob...
vendor_debian·2010·CVSS 4.3
CVE-2010-2103 [MEDIUM] CVE-2010-2103: axis - Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglob...
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV
Improper Neutralization of Input During Web Page Generation in Apache Axis2
osv·2022-05-14
CVE-2010-2103 [MEDIUM] Improper Neutralization of Input During Web Page Generation in Apache Axis2
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
GHSA
Improper Neutralization of Input During Web Page Generation in Apache Axis2
ghsa·2022-05-14
CVE-2010-2103 [MEDIUM] CWE-79 Improper Neutralization of Input During Web Page Generation in Apache Axis2
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
No detection rules found.
http://osvdb.org/64844http://secunia.com/advisories/39906http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdfhttp://www.exploit-db.com/exploits/12689http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03http://www.securityfocus.com/archive/1/511404/100/0/threadedhttp://www.securityfocus.com/bid/40327http://www.vupen.com/english/advisories/2010/1215https://exchange.xforce.ibmcloud.com/vulnerabilities/58790https://kb.juniper.net/KB27373http://osvdb.org/64844http://secunia.com/advisories/39906http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdfhttp://www.exploit-db.com/exploits/12689http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03http://www.securityfocus.com/archive/1/511404/100/0/threadedhttp://www.securityfocus.com/bid/40327http://www.vupen.com/english/advisories/2010/1215https://exchange.xforce.ibmcloud.com/vulnerabilities/58790https://kb.juniper.net/KB27373
2010-05-27
Published