{"id":"CVE-2010-1594","details":"Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter.  NOTE: some of these details are obtained from third party information.","modified":"2026-01-27T04:10:15.917631Z","published":"2010-04-28T23:30:00Z","withdrawn":"2026-01-27T04:10:15.917631Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/38311"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"},{"type":"EVIDENCE","url":"http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"},{"type":"WEB","url":"http://osvdb.org/61943"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55874"}],"schema_version":"1.7.3"}