CVE-2010-1625

Malcom BOX Lxr Cross Referencer < 0.9.6 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.

References (6)

[Product] http://sourceforge.net/projects/lxr/files/stable/lxr-0.9.7/ChangeLog/download

[Mailing List] http://www.openwall.com/lists/oss-security/2010/05/03/7

[Mailing List] http://www.openwall.com/lists/oss-security/2010/05/06/2

[Mailing List] http://www.openwall.com/lists/oss-security/2010/05/14/3

[Mailing List] http://marc.info/?l=oss-security&m=127289957223005&w=2

[Mailing List] http://marc.info/?l=oss-security&m=127316953819027&w=2

Scores

EPSS 0.0041

EPSS Percentile 60.8%

Classification

CWE

CWE-79

Status published

Affected Products (12)

malcom_box/lxr_cross_referencer < 0.9.6

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

malcom_box/lxr_cross_referencer

n/a/n/a

Timeline

Published Jun 24, 2010

Tracked Since Feb 18, 2026