Moderate severityNVD Advisory· Published May 27, 2010· Updated Apr 29, 2026

CVE-2010-2103

Description

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.axis2.wso2:axis2Maven	>= 1.4.1, < 1.6.0	1.6.0

Affected products

Apache/Axis22 versions
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/64844nvdExploitWEB
www.exploit-db.com/exploits/12689nvdExploitWEB
www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03nvdExploitWEB
www.securityfocus.com/bid/40327nvdExploit
secunia.com/advisories/39906nvdVendor Advisory
www.vupen.com/english/advisories/2010/1215nvdVendor Advisory
github.com/advisories/GHSA-23x8-j7hm-5xwfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2010-2103ghsaADVISORY
spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdfnvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/58790nvdWEB
kb.juniper.net/KB27373nvdWEB
www.securityfocus.com/archive/1/511404/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.022
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000