Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-06-14T18:00:00

Updated: 2024-08-07T02:25:07.562Z

Reserved: 2010-06-11T00:00:00

Link: CVE-2010-2265

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-06-15T14:04:24.360

Modified: 2024-11-21T01:16:16.530

Link: CVE-2010-2265

cve-icon Redhat

No data.