Unrated severityNVD Advisory· Published Jul 25, 2010· Updated Apr 29, 2026
CVE-2010-2849
CVE-2010-2849
Description
Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.
Affected products
6cpe:2.3:a:nusoftware:nubuilder:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:nusoftware:nubuilder:*:*:*:*:*:*:*:*range: <=10.04.20
- cpe:2.3:a:nusoftware:nubuilder:09.06.10:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.06.26:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.07.24:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.08.20:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.09.23:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.nubuilder.com/nubuilderwww/change.phpnvdPatchVendor Advisory
- cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.htmlnvdExploit
- packetstormsecurity.org/1007-exploits/nubuilder-xss.txtnvdExploit
- www.osvdb.org/66005nvdExploit
- www.securityfocus.com/bid/41404nvdExploit
- secunia.com/advisories/40483nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1726nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/60137nvd
News mentions
0No linked articles in our index yet.