CVE-2010-4275

Dmasoftlab Radius Manager - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Rodrigo Rubira Branco · textwebappsphp
https://www.exploit-db.com/exploits/35120
exploitdb WRITEUP
by Rodrigo Rubira Branco · textwebappsphp
https://www.exploit-db.com/exploits/15766

References (4)

Scores

EPSS 0.0014
EPSS Percentile 34.5%

Classification

CWE
CWE-79
Status published

Affected Products (2)

dmasoftlab/radius_manager
n/a/n/a

Timeline

Published Dec 22, 2010
Tracked Since Feb 18, 2026