CVE-2010-3420
Description
Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PowerStore 3.0 is vulnerable to reflected XSS via the totalRows_WADAProducts parameter in Products_Results.php, allowing arbitrary script injection.
Vulnerability
PowerStore 3.0 contains a reflected Cross-Site Scripting (XSS) vulnerability in Products_Results.php. The totalRows_WADAProducts parameter is not properly sanitized before being returned to the user, allowing injection of arbitrary HTML and script code. Affected versions include PowerStore 3.0 and possibly other versions [1].
Exploitation
An attacker can exploit this by crafting a malicious URL that carries injected script in the totalRows_WADAProducts parameter and tricking a user into clicking it. The attacker needs no authentication; the victim must be logged into the PowerStore application for the script to execute in the context of the session [1].
Impact
Successful exploitation allows the attacker to execute arbitrary HTML and JavaScript in the victim's browser within the context of the affected PowerStore site. This can lead to session hijacking, defacement, or theft of sensitive information [1].
Mitigation
As of the advisory, no official patch is available. The suggested workaround is to filter malicious characters and character sequences in a web proxy. Users should monitor for updates from WebAssist or consider upgrading to a newer, patched version [1].
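The proxy-side workaround, sketched as an added example (not code from the advisory or from WebAssist). It uses an allow-list rather than stripping characters, assuming from the parameter's name that totalRows_WADAProducts is a numeric row count and that it arrives in the query string; `inspect`, `php_key` and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPT = "/products_results.php"     # endpoint named in the CVE description
PARAM = "totalRows_WADAProducts"     # parameter named in the CVE description
# ASSUMPTION (from the parameter name): the value is a row count, so only a
# short run of ASCII digits is legitimate. Everything else is rejected.
VALID = re.compile(r"[0-9]{1,9}")

# Constructed sample request targets; the markup used is an inert marker.
SAMPLES = [
    "/store/Products_Results.php?totalRows_WADAProducts=42",
    "/store/Products_Results.php?totalRows_WADAProducts=%3Ci%3Ex%3C%2Fi%3E",
    "/store/Products_Results.php?totalRows.WADAProducts=%22%3E",
    "/store/Products_Results.php?totalRows_WADAProducts=1&totalRows_WADAProducts=%253C",
    "/store/index.php?q=%3Ci%3E",
]


def php_key(raw_key: str) -> str:
    """Approximate the $_GET key PHP derives from a query-string name."""
    base = raw_key.split("[", 1)[0]      # a[]=x and a[k]=x both populate $_GET['a']
    return base.replace(" ", "_").replace(".", "_")  # PHP maps space and dot to "_"


def inspect(url: str) -> tuple[bool, str]:
    """Return (allow, reason) for one request URL seen at the proxy."""
    parts = urlsplit(url)
    # Decode the path so an encoded script name is still recognised.
    if SCRIPT not in unquote(parts.path).lower():
        return True, "other endpoint"
    # parse_qsl percent-decodes once and maps "+" to a space, as PHP does.
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if php_key(k) == PARAM]
    if not values:
        return True, "parameter absent"
    for v in values:                     # every occurrence must be valid
        if not VALID.fullmatch(v):
            return False, f"non-numeric {PARAM}: {v!r}"
    return True, "numeric"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect(sample), sample)
```

Blocked requests are worth logging with their reason string, since a non-numeric value on this endpoint is also a useful detection signal.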
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:webassist:powerstore:3.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References