CVE-2015-10010 LOW

CVE-2015-10010: OpenDNS OpenResolve API endpoints.py get cross site scripting

Vendor Opendns

Product OpenResolve

Weakness CWE-79 · XSS

Published January 2, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

3.1/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196.

Key dates

02Disclosure timeline

January 2, 2023 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-10010 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2015-10010: OpenDNS OpenResolve API endpoints.py get cross site scripting

01Description

02Disclosure timeline

03References

04Related CVE