CVE-2010-2613
published 2010-07-02CVE-2010-2613: Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.44%
70.0th percentile
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2010-0684 ActiveMQ: XSS in createDestination
bugzilla·2010-04-09·CVSS 3.5
CVE-2010-0684 [LOW] CVE-2010-0684 ActiveMQ: XSS in createDestination
CVE-2010-0684 ActiveMQ: XSS in createDestination
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0684 to
the following vulnerability:
Cross-site scripting (XSS) vulnerability in createDestination.action
in Apache ActiveMQ before 5.3.1 allows remote authenticated users to
inject arbitrary web script or HTML via the JMSDestination parameter
in a queue action.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0684
[2] http://www.securityfocus.com/archive/1/archive/1/510419/100/0/threaded
[3] http://www.rajatswarup.com/CVE-2010-0684.txt
[4] http://activemq.apache.org/activemq-531-release.html
[5] https://issues.apache.org/activemq/browse/AMQ-2613
[6] https://issues.apache.org/activemq/browse/AMQ-2625
[7] http://www.securityfocus.com/bid/39119
[8] ht
Bugzilla
CVE-2010-1244 ActiveMQ: CSRF in createDestination
bugzilla·2010-04-09·CVSS 6.8
CVE-2010-1244 [MEDIUM] CVE-2010-1244 ActiveMQ: CSRF in createDestination
CVE-2010-1244 ActiveMQ: CSRF in createDestination
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1244 to
the following vulnerability:
Cross-site request forgery (CSRF) vulnerability in
createDestination.action in Apache ActiveMQ before 5.3.1 allows remote
attackers to hijack the authentication of unspecified victims for
requests that create queues via the JMSDestination parameter in a
queue action.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1244
[2] http://activemq.apache.org/activemq-531-release.html
[3] https://issues.apache.org/activemq/browse/AMQ-2613
[4] https://issues.apache.org/activemq/browse/AMQ-2625
[5] http://secunia.com/advisories/39223
[6] http://xforce.iss.net/xforce/xfdb/57398
Discussion:
Statement:
Not vulnerable. Apac
http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txthttp://www.exploit-db.com/exploits/14059http://www.securityfocus.com/bid/41165https://exchange.xforce.ibmcloud.com/vulnerabilities/59807http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txthttp://www.exploit-db.com/exploits/14059http://www.securityfocus.com/bid/41165https://exchange.xforce.ibmcloud.com/vulnerabilities/59807
2010-07-02
Published