CVE-2010-2103
Published: 27 May 2010
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Notes
Author | Note |
---|---|
mdeslaur | this is axis2, not the axis source package in Debian/ubuntu |
Priority
Status
Package | Release | Status |
---|---|---|
axis Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(code not present)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
(code not present)
|
|
precise |
Not vulnerable
(code not present)
|
|
quantal |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|