Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yM3g4LWo3aG0tNXh3Zs4AAV7Y
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Permalink: https://github.com/advisories/GHSA-23x8-j7hm-5xwfJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yM3g4LWo3aG0tNXh3Zs4AAV7Y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-23x8-j7hm-5xwf, CVE-2010-2103
References:
- https://nvd.nist.gov/vuln/detail/CVE-2010-2103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58790
- https://kb.juniper.net/KB27373
- http://osvdb.org/64844
- http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
- http://www.exploit-db.com/exploits/12689
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
- https://github.com/advisories/GHSA-23x8-j7hm-5xwf
Affected Packages
maven:org.apache.axis2.wso2:axis2
Affected Version Ranges: >= 1.4.1, < 1.6.0Fixed in: 1.6.0