VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-8uy7-21ts-b3aj

Essentials
Severities (22)
References (20)
Severity details (9)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-8uy7-21ts-b3aj
Aliases	CVE-2010-2103 GHSA-23x8-j7hm-5xwf
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Status	Published
Exploitability	2.0
Weighted Severity	6.2
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://osvdb.org/64844
epss	0.21768	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.21768	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.21768	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.21768	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.21768	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.21768	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.26903	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.26903	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.26903	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.26903	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.26903	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.26903	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
epss	0.26903	https://api.first.org/data/v1/epss?cve=CVE-2010-2103
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/58790
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-23x8-j7hm-5xwf
generic_textual	MODERATE	https://kb.juniper.net/KB27373
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2010-2103
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2010-2103
generic_textual	MODERATE	http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
generic_textual	MODERATE	http://www.exploit-db.com/exploits/12689
generic_textual	MODERATE	http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03

Reference id	Reference type	URL
		http://osvdb.org/64844
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2103.json
		https://api.first.org/data/v1/epss?cve=CVE-2010-2103
		http://secunia.com/advisories/39906
		https://exchange.xforce.ibmcloud.com/vulnerabilities/58790
		https://kb.juniper.net/KB27373
		http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
		http://www.exploit-db.com/exploits/12689
		http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
		http://www.securityfocus.com/archive/1/511404/100/0/threaded
		http://www.securityfocus.com/bid/40327
		http://www.vupen.com/english/advisories/2010/1215
624026		https://bugzilla.redhat.com/show_bug.cgi?id=624026
cpe:2.3:a:3com:intelligent_management_center::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:3com:intelligent_management_center::::::::
cpe:2.3:a:apache:axis2:1.4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:axis2:1.4.1:::::::*
cpe:2.3:a:apache:axis2:1.5.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:axis2:1.5.1:::::::*
cpe:2.3:a:sap:business_objects:12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sap:business_objects:12:::::::*
CVE-2010-2103		https://nvd.nist.gov/vuln/detail/CVE-2010-2103
GHSA-23x8-j7hm-5xwf		https://github.com/advisories/GHSA-23x8-j7hm-5xwf
OSVDB-64844;CVE-2010-2103	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/12689.txt

Data source	Exploit-DB
Date added	May 20, 2010
Description	Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
Ransomware campaign use	Unknown
Source publication date	May 21, 2010
Exploit type	webapps
Platform	multiple
Source update date	Dec. 19, 2016

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-2103

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Percentile	0.95713
EPSS Score	0.21768
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:50:30.073125+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.axis2.wso2/axis2/CVE-2010-2103.yml	38.0.0