Sign-up

ID

VAR-201002-0210


CVE

CVE-2010-0641


TITLE

CCS of webline/html/admin/wcs/LoginPage.jhtml Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-003847

DESCRIPTION

Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Cisco Collaboration Server 5 is vulnerable; other versions may be affected as well. NOTE: The vendor has discontinued this product

Trust: 1.98

sources: NVD: CVE-2010-0641 // JVNDB: JVNDB-2010-003847 // BID: 38201 // VULHUB: VHN-43246

AFFECTED PRODUCTS

vendor:ciscomodel:collaboration serverscope:eqversion:5.0

Trust: 2.7

sources: BID: 38201 // JVNDB: JVNDB-2010-003847 // CNNVD: CNNVD-201002-162 // NVD: CVE-2010-0641

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0641
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0641
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201002-162
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43246
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0641
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43246
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43246 // JVNDB: JVNDB-2010-003847 // CNNVD: CNNVD-201002-162 // NVD: CVE-2010-0641

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-43246 // JVNDB: JVNDB-2010-003847 // NVD: CVE-2010-0641

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-162

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201002-162

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003847

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-43246

PATCH
title:Top Pageurl:http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-003847

EXTERNAL IDS
db:NVDid:CVE-2010-0641
Trust: 2.8
db:BIDid:38201
Trust: 2.0
db:EXPLOIT-DBid:11403
Trust: 1.7
db:JVNDBid:JVNDB-2010-003847
Trust: 0.8
db:CNNVDid:CNNVD-201002-162
Trust: 0.7
db:XFid:56220
Trust: 0.6
db:SEEBUGid:SSVID-67679
Trust: 0.1
db:VULHUBid:VHN-43246
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43246 // 
            
            
            
            BID: 38201 // 
            
            
            
            JVNDB: JVNDB-2010-003847 // 
            
            
            
            CNNVD: CNNVD-201002-162 // 
            
            
            
            NVD: CVE-2010-0641

REFERENCES
url:http://www.securityfocus.com/bid/38201
Trust: 1.7
url:http://www.exploit-db.com/exploits/11403
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/56220
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0641
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0641
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/56220
Trust: 0.6
url:http://www.cisco.com/en/us/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-43246 // 
            
            
            
            BID: 38201 // 
            
            
            
            JVNDB: JVNDB-2010-003847 // 
            
            
            
            CNNVD: CNNVD-201002-162 // 
            
            
            
            NVD: CVE-2010-0641

CREDITS
s4squatch
Trust: 0.9
sources:
            
            
            BID: 38201 // 
            
            
            
            CNNVD: CNNVD-201002-162

SOURCES
db:VULHUBid:VHN-43246
db:BIDid:38201
db:JVNDBid:JVNDB-2010-003847
db:CNNVDid:CNNVD-201002-162
db:NVDid:CVE-2010-0641

LAST UPDATE DATE
2025-04-11T23:13:09.001000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43246date:2017-08-17T00:00:00
db:BIDid:38201date:2015-04-13T21:02:00
db:JVNDBid:JVNDB-2010-003847date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201002-162date:2010-02-18T00:00:00
db:NVDid:CVE-2010-0641date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43246date:2010-02-17T00:00:00
db:BIDid:38201date:2010-02-11T00:00:00
db:JVNDBid:JVNDB-2010-003847date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201002-162date:2010-02-17T00:00:00
db:NVDid:CVE-2010-0641date:2010-02-17T18:30:00.540