CVE-2010-3023
DiamondList 0.1.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · text / webapps / php
https://www.exploit-db.com/exploits/34414
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · text / webapps / php
https://www.exploit-db.com/exploits/34413
Scores
EPSS
0.1326
EPSS Percentile
94.1%
Classification
CWE
CWE-79
Status
published
Affected Products (2)
hulihanapplications/diamondlist
Timeline
Published
Aug 16, 2010
Tracked Since
Feb 18, 2026