Unrated severityNVD Advisory· Published Jun 9, 2010· Updated Apr 29, 2026

CVE-2010-2260

Description

Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect.

Affected products

Gambitdesign/Bandwidth Meter2 versions
cpe:2.3:a:gambitdesign:bandwidth_meter:0.72:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gambitdesign:bandwidth_meter:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:gambitdesign:bandwidth_meter:1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/1001-exploits/bandwidthmeter-xss.txtnvdExploit
secunia.com/advisories/38012nvdVendor Advisory
www.exploit-db.com/exploits/10926nvd
exchange.xforce.ibmcloud.com/vulnerabilities/55307nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000