cbcvebase.
CVE-2010-2265
published 2010-06-15

CVE-2010-2265: Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and…

PriorityP432medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
20.99%
97.3th percentile
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.