Vulnerability-Lookup

CVE-2010-0936 (GCVE-0-2010-0936)

Vulnerability from cvelistv5 – Published: 2010-03-08 15:00 – Updated: 2024-08-07 01:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/37646	vdb-entryx_refsource_BID
	http://www.exploit-db.com/exploits/11030	exploitx_refsource_EXPLOIT-DB
	http://www.vupen.com/english/advisories/2010/0083	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/38051	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/61615	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Date Public ?

2010-01-06 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:06:52.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37646",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37646"
          },
          {
            "name": "11030",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/11030"
          },
          {
            "name": "ADV-2010-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0083"
          },
          {
            "name": "38051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38051"
          },
          {
            "name": "61615",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61615"
          },
          {
            "name": "dkvmip8-auth-xss(55429)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37646",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37646"
        },
        {
          "name": "11030",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/11030"
        },
        {
          "name": "ADV-2010-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0083"
        },
        {
          "name": "38051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38051"
        },
        {
          "name": "61615",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61615"
        },
        {
          "name": "dkvmip8-auth-xss(55429)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37646",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37646"
            },
            {
              "name": "11030",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/11030"
            },
            {
              "name": "ADV-2010-0083",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0083"
            },
            {
              "name": "38051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38051"
            },
            {
              "name": "61615",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61615"
            },
            {
              "name": "dkvmip8-auth-xss(55429)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0936",
    "datePublished": "2010-03-08T15:00:00.000Z",
    "dateReserved": "2010-03-08T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:06:52.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2010-0936",
      "date": "2026-05-04",
      "epss": "0.00827",
      "percentile": "0.74566"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0936\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-03-08T15:30:00.513\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en auth.asp en D-LINK DKVM-IP8 con firmware 2282_dlinkA4_p8_20071213, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro nickname.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:d-link:dkvm-ip8:2282_dlinka4_p8_20071213:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAA53D5F-6342-4CB4-A94C-07F49532F041\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/61615\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38051\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/11030\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/37646\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0083\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55429\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/61615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/11030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/37646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55429\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2010-0936

Vulnerability from fkie_nvd - Published: 2010-03-08 15:30 - Updated: 2026-04-29 01:13

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/61615
cve@mitre.org	http://secunia.com/advisories/38051	Vendor Advisory
cve@mitre.org	http://www.exploit-db.com/exploits/11030	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/37646	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0083	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/55429
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/61615
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38051	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/11030	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37646	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0083	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/55429

Impacted products

	Vendor	Product	Version
	d-link	dkvm-ip8	2282_dlinka4_p8_20071213

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:d-link:dkvm-ip8:2282_dlinka4_p8_20071213:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAA53D5F-6342-4CB4-A94C-07F49532F041",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en auth.asp en D-LINK DKVM-IP8 con firmware 2282_dlinkA4_p8_20071213, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro nickname."
    }
  ],
  "id": "CVE-2010-0936",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-08T15:30:00.513",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/61615"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38051"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/11030"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37646"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0083"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/61615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/11030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201003-0357

Vulnerability from variot - Updated: 2025-04-11 20:58

Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. D-LINK DKVM-IP8 is an 8-port KVM switch that can be used to control multiple devices at the same time. DKVM-IP8 does not properly filter the nickname parameter submitted to the auth.asp page and returns it to the user. D-LINK DKVM-IP8 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ----------------------------------------------------------------------

Accurate Vulnerability Scanning No more false positives, no more false negatives

http://secunia.com/vulnerability_scanning/

TITLE: D-Link DKVM-IP8 "auth.asp" Cross-Site Scripting

SECUNIA ADVISORY ID: SA38051

VERIFY ADVISORY: http://secunia.com/advisories/38051/

DESCRIPTION: A vulnerability has been reported in D-Link DKVM-IP8, which can be exploited by malicious people to conduct cross-site scripting attacks.

SOLUTION: Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY: Popcorn

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-0357",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dkvm-ip8",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "d link",
        "version": "2282_dlinka4_p8_20071213"
      },
      {
        "model": "dkvm-ip8",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "firmware 2282_dlinka4_p8_20071213"
      },
      {
        "model": "d-link",
        "scope": null,
        "trust": 0.6,
        "vendor": "dkvm ip8",
        "version": null
      },
      {
        "model": "dkvm-ip8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "BID",
        "id": "37646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:d-link:dkvm-ip8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "POPCORN",
    "sources": [
      {
        "db": "BID",
        "id": "37646"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2010-0936",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-0936",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2010-3531",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-43541",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0936",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0936",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2010-3531",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-096",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-43541",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. D-LINK DKVM-IP8 is an 8-port KVM switch that can be used to control multiple devices at the same time. DKVM-IP8 does not properly filter the nickname parameter submitted to the auth.asp page and returns it to the user. D-LINK DKVM-IP8 is prone to a cross-site scripting vulnerability because the device\u0027s web interface fails to properly sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ----------------------------------------------------------------------\n\n\n\nAccurate Vulnerability Scanning\nNo more false positives, no more false negatives\n\nhttp://secunia.com/vulnerability_scanning/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DKVM-IP8 \"auth.asp\" Cross-Site Scripting\n\nSECUNIA ADVISORY ID:\nSA38051\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38051/\n\nDESCRIPTION:\nA vulnerability has been reported in D-Link DKVM-IP8, which can be\nexploited by malicious people to conduct cross-site scripting\nattacks. \n\nSOLUTION:\nFilter malicious characters and character sequences in a web proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nPopcorn\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "BID",
        "id": "37646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "db": "PACKETSTORM",
        "id": "85115"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-43541",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0936",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "37646",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "38051",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "11030",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0083",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "61615",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "8",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "55429",
        "trust": 0.6
      },
      {
        "db": "MISC",
        "id": "HTTP://WWW.EXPLOIT-DB.COM/EXPLOITS/11030",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "14595",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "33471",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-67428",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-86690",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-43541",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "85115",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "db": "BID",
        "id": "37646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "db": "PACKETSTORM",
        "id": "85115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "id": "VAR-201003-0357",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      }
    ]
  },
  "last_update_date": "2025-04-11T20:58:21.027000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dlink.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/37646"
      },
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/11030"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/61615"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/38051"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/0083"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0936"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0936"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/37646/info"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/55429"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/14595"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38051/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "db": "BID",
        "id": "37646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "db": "PACKETSTORM",
        "id": "85115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "db": "BID",
        "id": "37646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "db": "PACKETSTORM",
        "id": "85115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-01-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "date": "2010-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "date": "2010-01-06T00:00:00",
        "db": "BID",
        "id": "37646"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "date": "2010-01-14T08:06:40",
        "db": "PACKETSTORM",
        "id": "85115"
      },
      {
        "date": "2010-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      },
      {
        "date": "2010-03-08T15:30:00.513000",
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-01-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43541"
      },
      {
        "date": "2015-04-13T21:03:00",
        "db": "BID",
        "id": "37646"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003886"
      },
      {
        "date": "2010-03-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2010-0936"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-LINK DKVM-IP8 auth.asp page cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3531"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "85115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-096"
      }
    ],
    "trust": 0.7
  }
}

GSD-2010-0936

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0936

Aliases

CVE-2010-0936

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0936",
    "description": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.",
    "id": "GSD-2010-0936"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0936"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.",
      "id": "GSD-2010-0936",
      "modified": "2023-12-13T01:21:29.540071Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-0936",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "37646",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37646"
          },
          {
            "name": "11030",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/11030"
          },
          {
            "name": "ADV-2010-0083",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0083"
          },
          {
            "name": "38051",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38051"
          },
          {
            "name": "61615",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/61615"
          },
          {
            "name": "dkvmip8-auth-xss(55429)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:d-link:dkvm-ip8:2282_dlinka4_p8_20071213:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0936"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38051",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38051"
            },
            {
              "name": "11030",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/11030"
            },
            {
              "name": "61615",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/61615"
            },
            {
              "name": "ADV-2010-0083",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0083"
            },
            {
              "name": "37646",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/37646"
            },
            {
              "name": "dkvmip8-auth-xss(55429)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-17T01:32Z",
      "publishedDate": "2010-03-08T15:30Z"
    }
  }
}

GHSA-WV69-7R49-CW5H

Vulnerability from github – Published: 2022-05-02 06:17 – Updated: 2022-05-02 06:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-08T15:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.",
  "id": "GHSA-wv69-7r49-cw5h",
  "modified": "2022-05-02T06:17:17Z",
  "published": "2022-05-02T06:17:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0936"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55429"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/61615"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38051"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/11030"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37646"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0936 (GCVE-0-2010-0936)

FKIE_CVE-2010-0936

VAR-201003-0357

GSD-2010-0936

GHSA-WV69-7R49-CW5H

Tags

Sightings

Nomenclature