{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T01:46:26.717","vulnerabilities":[{"cve":{"id":"CVE-2010-3890","sourceIdentifier":"cve@mitre.org","published":"2010-11-12T21:00:03.267","lastModified":"2026-04-29T01:13:23.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do."},{"lang":"es","value":"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM OmniFind Enterprise Edition anterior v9.1 permite a atacantse remotos inyectar código web o HTML de su elección a través del parámetro command en la interfaz de adminsitración, como ha sido demostrado con el comando ESAdmin/collection.do."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:omnifind:*:-:enterprise:*:*:*:*:*","versionEndIncluding":"9.0","matchCriteriaId":"4ADB4024-0132-48C0-80A3-83A5898076B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*","matchCriteriaId":"96D7BDA2-53EE-44A5-BA8E-DC1224B8B8E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*","matchCriteriaId":"C73CA22A-FD69-43A1-AFC8-03A82D971AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*","matchCriteriaId":"6929217A-6689-460E-88AC-919B26A5C328"}]}]}],"references":[{"url":"http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/514688/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/44740","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.vupen.com/english/advisories/2010/2933","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/514688/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/44740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.vupen.com/english/advisories/2010/2933","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}