CVE-2010-3470

CWE-79 ā€” Cross-site Scripting (XSS)7 documents5 sources
Severity
4.3MEDIUM
EPSS
0.5%
top 34.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Filenet P8 Application Engine
Timeline
PublishedSep 20
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

ā–¶NVDibm/filenet_p8_application_engine3.5.1, 4.0.2+1

šŸ”“Vulnerability Details

2
GHSA
GHSA-3gp9-pq9g-7grc: Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3ā†—2022-05-17
ā–¶
CVEList
CVE-2010-3470: Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3ā†—2010-09-20
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Logitech VideoCall - ActiveX Control Buffer Overflow (Metasploit)ā†—2010-05-09
ā–¶

šŸ’¬Community

1
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7]ā†—2014-08-07
ā–¶
CVE-2010-3470 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io