CVE-2010-2985 — Cross-site Scripting in IBM WebSphere Service Registry and Repository

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 50.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 10; latest update May 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-qm35-c2g5-9372: Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6 ↗ 2022-05-17
CVEList: CVE-2010-2985: Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6 ↗ 2010-08-09

💥 Exploits & PoCs (3)

Exploit-DB: Winamp 5.5.8.2985 (in_mod plugin) - Local Stack Overflow ↗ 2010-10-25
Exploit-DB: Winamp 5.5.8 (in_mod plugin) - Local Stack Overflow ↗ 2010-10-19
Exploit-DB: Winamp 5.5.8.2985 - Multiple Buffer Overflows ↗ 2010-10-13

💬 Community (1)

Bugzilla: CVE-2010-4168 OpenTTD: multiple remote DoS vulnerabilities ↗ 2010-11-17