CVE-2010-2103 – org.apache.axis2.wso2:axis2

Package

Manager: maven
Name: org.apache.axis2.wso2:axis2
Vulnerable Version: >=1.4.1 <1.6.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.21768 pctl0.95535

Details

Improper Neutralization of Input During Web Page Generation in Apache Axis2 Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Metadata

Created: 2022-05-14T02:44:30Z
Modified: 2022-07-08T18:52:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-23x8-j7hm-5xwf/GHSA-23x8-j7hm-5xwf.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-23x8-j7hm-5xwf
Finding: F008
Auto approve: 1