Vulnerability Details : CVE-2010-4146
Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2010-4146
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4146
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2010-4146
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4146
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/62564
Attachmate Reflection for the Web unspecified cross-site scripting CVE-2010-4146 Vulnerability Report
-
http://www.securityfocus.com/bid/44123
Attachmate Reflection for the Web Cross Site Scripting Vulnerability
-
http://support.attachmate.com/techdocs/1704.html
Security UpdatesVendor Advisory
Products affected by CVE-2010-4146
- cpe:2.3:a:attachmate:reflection_for_the_web:*:r2:*:*:*:*:*:*
- cpe:2.3:a:attachmate:reflection_for_the_web:*:*:*:*:*:*:*:*
- cpe:2.3:a:attachmate:reflection_for_the_web:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:attachmate:reflection_for_the_web:2008:r1:*:*:*:*:*:*
- cpe:2.3:a:attachmate:reflection_for_the_web:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:attachmate:reflection_for_the_web:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:attachmate:reflection_for_the_web:9.01:*:*:*:*:*:*:*