CVE-2010-2103

Apache Axis2 1.4.1-1.5.1 - Cross-Site Scripting via Modules Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2103. PoCs published by Richard Brain.

AI-analyzed exploit summary This exploit demonstrates an authenticated Cross-Site Scripting (XSS) vulnerability in Apache Axis2 administration console. The PoC shows how an attacker can inject a malicious script into the 'modules' parameter, which executes in the context of the user's session.

Description

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC

by Richard Brain · textwebappsmultiple

https://www.exploit-db.com/exploits/12689

View Code ZIP pw:eip

This exploit demonstrates an authenticated Cross-Site Scripting (XSS) vulnerability in Apache Axis2 administration console. The PoC shows how an attacker can inject a malicious script into the 'modules' parameter, which executes in the context of the user's session.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Apache Axis2 1.4.1

Auth required

Prerequisites: Authenticated access to the Axis2 administration console

MITRE ATT&CK