CVE-2010-4895
published 2011-10-08
CVE-2010-4895: Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name…
Priority P4 · 20 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.26% (80.8th percentile)
Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chillycms | chillycms | — | — |
CVSS provenance
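| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 4.7 | MEDIUM | — |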
GHSA
GHSA-53x4-m57v-6325: Cross-site scripting (XSS) vulnerability in core/showsite
ghsa_unreviewed · 2022-05-17
CVE-2010-4895 [MEDIUM] CWE-79 GHSA-53x4-m57v-6325: Cross-site scripting (XSS) vulnerability in core/showsite
Red Hat
kernel: tty->pgrp races
vendor_redhat · 2009-12-17 · CVSS 4.7
CVE-2009-4895 [MEDIUM] kernel: tty->pgrp races
Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9.
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5. This issue was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0161.html.
http://packetstormsecurity.org/1009-exploits/chillycms-sqlxss.txt
http://secunia.com/advisories/41313
http://securityreason.com/securityalert/8437
http://www.bugreport.ir/index_73.htm
http://www.exploit-db.com/exploits/14897
http://www.osvdb.org/67835
http://www.securityfocus.com/bid/42991
http://www.vupen.com/english/advisories/2010/2298
https://exchange.xforce.ibmcloud.com/vulnerabilities/61607
Published: 2011-10-08