Cross-Site Scripting Vulnerability in Apache Axis2 Administration Console
CVE-2010-2103

Currently unrated

Key Information:

Vendor: Apache
Status: Axis2
Vendor: CVE Published:; 27 May 2010

Summary

An XSS vulnerability exists in the Apache Axis2 administration console, specifically within the axis2-admin module. This flaw permits remote attackers to exploit the modules parameter, leading to the injection of arbitrary web scripts or HTML. This issue affects Apache Axis2 in versions 1.4.1 and 1.5.1, and is likely present in other versions as well. Various third-party products utilizing the affected versions, such as SAP Business Objects and 3com IMC, are also at risk. Successful exploitation can result in unauthorized actions and compromise of user sessions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/58790

vdb-entryx_refsource_XF

http://secunia.com/advisories/39906

third-party-advisoryx_refsource_SECUNIA

http://www.exploit-db.com/exploits/12689

exploitx_refsource_EXPLOIT-DB

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 27, 2010
Vulnerability Reserved
May 27, 2010