Description

Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-2032

Related Vulnerabilities

WordPress Plugin Carousel slideshow 'upload.php' Arbitrary File Upload (3.9)

WordPress Plugin 3D Banner Rotator 'upload.php' Arbitrary File Upload (2.1)

WordPress Plugin classyfrieds Arbitrary File Upload (3.8)

Oracle Database Server CVE-2009-0972 Vulnerability (CVE-2009-0972)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Request Forgery (4.2.3.1)

Severity

Medium

Classification

CVE-2010-2032 CWE-707

Tags

Missing Update Known Vulnerabilities