Published: 27/05/2010 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote malicious users to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheAxis21.4.1, 1.5.1


PR10-03 Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console Source: wwwprocheckupcom/vulnerability_manager/vulnerabilities/pr10-03 Advisory publicly released: Friday, 21 May 2010 Vulnerability found: Saturday, 30 January 2010 Severity level: Medium Credits Richard Brain of ProCheckUp Ltd ...

Github Repositories