Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5064

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2010-5064
Last Modified 08 Oct 2012 12:00:00
Published 08 Oct 2012 06:47:44
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-5064

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.

Vulnerable Systems

Application

  • Vwar Virtual War 1.6.1


References

FULLDISC - 20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities

MISC - http://dmcdonald.net/vwar.txt


Last Updated: 27 May 2016 11:00:52