CVE-2010-3890

IBM Omnifind < 9.0 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do.

References (4)

[Exploit] http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/514688/100/0/threaded

[Exploit] http://www.securityfocus.com/bid/44740

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2933

Scores

EPSS 0.0026

EPSS Percentile 48.7%

Classification

CWE

CWE-79

Status published

Affected Products (5)

ibm/omnifind < 9.0

ibm/omnifind

ibm/omnifind

ibm/omnifind

n/a/n/a

Timeline

Published Nov 12, 2010

Tracked Since Feb 18, 2026