CVE-2010-2086

medium

Apache

CVSS v3 Base Score

4.0

AV:N/AC:H/Au:N/C:P/I:P/A:N

EPSS Score

2.9%

Exploitation probability in 30 days

Top 14% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

Integrity

Availability

None

Published: May 27, 2010 (5831 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

CWE

CWE-79

Affected Products

apache myfaces

References

🔗 www.blackhat.com 🔗 www.trustwave.com 🔗 www.blackhat.com 🔗 www.trustwave.com

CVE-2010-2086

Vulnerability Report

Description

CWE

Affected Products

References