CVE-2010-2849

Name: CVE-2010-2849
Creator: NVD / NIST
Published: 2010-07-25T02:04:13.843+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.07%

Last modified Jun 16, 2026

CVE-2010-2849 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.. EPSS estimates a 2.07% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.

Metrics

EPSS Probability

2.07%

78.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Nusoftware	Nubuilder	<= 10.04.20
Nusoftware	Nubuilder	09.06.10
Nusoftware	Nubuilder	09.06.26
Nusoftware	Nubuilder	09.07.24
Nusoftware	Nubuilder	09.08.20
Nusoftware	Nubuilder	09.09.23

References

http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.htmlExploit
http://packetstormsecurity.org/1007-exploits/nubuilder-xss.txtExploit
http://secunia.com/advisories/40483Vendor Advisory
http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fabPatch, Vendor Advisory
http://www.osvdb.org/66005Exploit
http://www.securityfocus.com/bid/41404Exploit
http://www.vupen.com/english/advisories/2010/1726Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60137
http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.htmlExploit
http://packetstormsecurity.org/1007-exploits/nubuilder-xss.txtExploit
http://secunia.com/advisories/40483Vendor Advisory
http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fabPatch, Vendor Advisory
http://www.osvdb.org/66005Exploit
http://www.securityfocus.com/bid/41404Exploit
http://www.vupen.com/english/advisories/2010/1726Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60137

Timeline

Published: Jul 25, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-2849?

How severe is CVE-2010-2849?

Severity scoring for CVE-2010-2849 is pending analysis. The EPSS model estimates a 2.07% probability of exploitation in the next 30 days.

How do I fix CVE-2010-2849?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2849?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST