CVE-2010-1328 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tornadostore	Tornadostore

Configuration 1 [-]

cpe:2.3:a:tornadostore:tornadostore:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php
http://www.securityfocus.com/bid/41233
https://exchange.xforce.ibmcloud.com/vulnerabilities/59951

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-07-06T14:00:00

Updated: 2024-08-07T01:21:18.174Z

Reserved: 2010-04-08T00:00:00

Link: CVE-2010-1328

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-07-06T17:17:13.170

Modified: 2024-11-21T01:14:09.450

Link: CVE-2010-1328

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "41233", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/41233"}, {"name": "tornadostore-multiple-xss(59951)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59951"}, {"tags": ["x_refsource_MISC"], "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "41233", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41233"}, {"name": "tornadostore-multiple-xss(59951)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59951"}, {"name": "http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php", "refsource": "MISC", "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:18.174Z"}, "title": "CVE Program Container", "references": [{"name": "41233", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/41233"}, {"name": "tornadostore-multiple-xss(59951)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59951"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1328", "datePublished": "2010-07-06T14:00:00", "dateReserved": "2010-04-08T00:00:00", "dateUpdated": "2024-08-07T01:21:18.174Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tornadostore:tornadostore:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D36B3D6-B89F-40DD-BFDE-F1806CB5A64D", "versionEndIncluding": "1.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section."}, {"lang": "es", "value": "M\u00faltiples secuencias de comandos en sitios cruzados (XSS) en TornadoStore v1.4.3 y anteriores permite a atacantes remotso inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de par\u00e1metro (1) tipo o (2) destino en login_registrese.php3 en la secci\u00f3n Services , (3) el par\u00e1metro rubro en precios.php3 en la secci\u00f3n Products, (4) el par\u00e1metro arti en recomenda_articulo.php3 en la secci\u00f3n Products, (5) el par\u00e1metro descrip en una acci\u00f3n en control/abm_det.php3 en la secci\u00f3n e-Commerce, (6) el par\u00e1metro tit en una acci\u00f3n delivery_courier en control/abm_list.php3 en la secci\u00f3n e-Commerce o (7) el par\u00e1metro tit en una acci\u00f3n usuario en control/abm_det.php3 en la secci\u00f3n e-Commerce."}], "id": "CVE-2010-1328", "lastModified": "2024-11-21T01:14:09.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-07-06T17:17:13.170", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/41233"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-xss-0107.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/41233"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59951"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}