PT-2010-5432 · Dadabik · Dadabik

Published

2010-12-01

Updated

2017-08-17

CVE-2010-4355

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions DaDaBIK versions prior to 4.3 beta2

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via the select single parameter when the insert or edit feature is enabled. This is a cross-site scripting (XSS) issue.

Recommendations For versions prior to 4.3 beta2, update to version 4.3 beta2 or later to resolve the issue. As a temporary workaround, consider disabling the insert or edit feature until a patch is available. Avoid using the select single parameter in affected features until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2010-4355

Affected Products

Dadabik

PT-2010-5432 · Dadabik · Dadabik

CVE-2010-4355

Weakness Enumeration

Related Identifiers

Affected Products

References · 6