CVE-2010-0726

EPSS 0.52%

tdiary - cross-site scripting

Published: 3/2/2010Modified: 4/28/2026

Description

Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.

Affected packages (2)

Debian/tdiaryfrom 0, < 2.2.1-1.1
Debian/tdiaryfrom 0, < 2.2.1-1+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-0726