Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for skeletonz_cms_1.0 by amix

    CVE-2010-4734 (GCVE-0-2010-4734)

    Vulnerability from nvd – Published: 2011-02-16 01:00 – Updated: 2024-08-07 03:55
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/45081 vdb-entryx_refsource_BID
    http://www.osvdb.org/69514 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/8081 third-party-advisoryx_refsource_SREASON
    http://packetstormsecurity.org/files/view/96151/s… x_refsource_MISC
    http://secunia.com/advisories/42385 third-party-advisoryx_refsource_SECUNIA
    http://www.exploit-db.com/exploits/15625 exploitx_refsource_EXPLOIT-DB
    Date Public
    2010-11-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:55:35.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45081"
              },
              {
                "name": "69514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/69514"
              },
              {
                "name": "8081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8081"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt"
              },
              {
                "name": "42385",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42385"
              },
              {
                "name": "15625",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15625"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-22T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45081",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45081"
            },
            {
              "name": "69514",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/69514"
            },
            {
              "name": "8081",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8081"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt"
            },
            {
              "name": "42385",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42385"
            },
            {
              "name": "15625",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15625"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-4734",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45081",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45081"
                },
                {
                  "name": "69514",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/69514"
                },
                {
                  "name": "8081",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8081"
                },
                {
                  "name": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt"
                },
                {
                  "name": "42385",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42385"
                },
                {
                  "name": "15625",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/15625"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-4734",
        "datePublished": "2011-02-16T01:00:00.000Z",
        "dateReserved": "2011-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:55:35.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4734 (GCVE-0-2010-4734)

    Vulnerability from cvelistv5 – Published: 2011-02-16 01:00 – Updated: 2024-08-07 03:55
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/45081 vdb-entryx_refsource_BID
    http://www.osvdb.org/69514 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/8081 third-party-advisoryx_refsource_SREASON
    http://packetstormsecurity.org/files/view/96151/s… x_refsource_MISC
    http://secunia.com/advisories/42385 third-party-advisoryx_refsource_SECUNIA
    http://www.exploit-db.com/exploits/15625 exploitx_refsource_EXPLOIT-DB
    Date Public
    2010-11-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:55:35.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45081"
              },
              {
                "name": "69514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/69514"
              },
              {
                "name": "8081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8081"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt"
              },
              {
                "name": "42385",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42385"
              },
              {
                "name": "15625",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15625"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-22T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45081",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45081"
            },
            {
              "name": "69514",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/69514"
            },
            {
              "name": "8081",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8081"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt"
            },
            {
              "name": "42385",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42385"
            },
            {
              "name": "15625",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15625"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-4734",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45081",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45081"
                },
                {
                  "name": "69514",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/69514"
                },
                {
                  "name": "8081",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8081"
                },
                {
                  "name": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt"
                },
                {
                  "name": "42385",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42385"
                },
                {
                  "name": "15625",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/15625"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-4734",
        "datePublished": "2011-02-16T01:00:00.000Z",
        "dateReserved": "2011-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:55:35.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }