Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2103

CWE-79Cross-site Scripting (XSS)8 documents8 sources
Severity
4.3MEDIUM
EPSS
26.9%
top 3.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Axis2
Timeline
PublishedMay 27
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Mavenorg.apache.axis2.wso2:axis21.4.11.6.0
NVDapache/axis21.4.1, 1.5.1+1

🔴Vulnerability Details

3
OSV
Improper Neutralization of Input During Web Page Generation in Apache Axis22022-05-14
GHSA
Improper Neutralization of Input During Web Page Generation in Apache Axis22022-05-14
CVEList
CVE-2010-2103: Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 12010-05-27

💥Exploits & PoCs

1
Exploit-DB
Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting2010-05-21

📋Vendor Advisories

2
Red Hat
Axis2: Cross-site scripting (XSS) in the adminstration console2010-05-21
Debian
CVE-2010-2103: axis - Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglob...2010

💬Community

1
Bugzilla
CVE-2010-2103 Apache Axis2: Cross-site scripting (XSS) in the adminstration console2010-08-13
CVE-2010-2103 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io