VYPR
Unrated severity · NVD Advisory · Published Oct 9, 2011 · Updated Apr 29, 2026

CVE-2010-4932

Description

Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting in Entrans search.php via query parameter allows arbitrary script injection; fixed in version 0.3.3.

Vulnerability

The search functionality in Entrans versions prior to 0.3.3 contains a cross-site scripting (XSS) vulnerability. Specifically, the search.php script fails to properly sanitize user input supplied through the query parameter before processing it. An attacker can inject arbitrary web script or HTML via this parameter, and the payload will be reflected in the response page without proper escaping.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL containing the XSS payload in the query parameter and luring a victim to click on it. No authentication or special privileges are required; the attacker only needs to convince the user to visit the crafted link. The injected script executes in the context of the victim's session on the vulnerable Entrans instance.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser. This can lead to session hijacking, cookie theft, defacement, or redirection to malicious sites. The impact is limited by the privileges of the victim's session within the Entrans application.

Mitigation

Users should upgrade to Entrans version 0.3.3 or later, which contains the fix for this vulnerability. As of the available references [1], no workarounds have been documented, and upgrading is the recommended remediation.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • cpe:2.3:a:khader_abbeb:entrans:*:*:*:*:*:*:*:* (range: <=0.3.2)
  • cpe:2.3:a:khader_abbeb:entrans:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:khader_abbeb:entrans:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:khader_abbeb:entrans:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:khader_abbeb:entrans:0.3.1:*:*:*:*:*:*:*
  • (no CPE) range: <0.3.3
