CVE-2010-2852

RunCms 2.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

References (5)

[Exploit] http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html

[Exploit] http://osvdb.org/66244

[Vendor Advisory] http://secunia.com/advisories/40521

[Exploit] http://www.securityfocus.com/bid/41551

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/60224

Scores

EPSS 0.0045

EPSS Percentile 63.2%

Classification

CWE

CWE-79

Status published

Affected Products (2)

runcms/runcms

n/a/n/a

Timeline

Published Jul 25, 2010

Tracked Since Feb 18, 2026