Lucene search

JpcertCVE-2012-0311

HistoryJan 26, 2012 - 3:55 p.m.

CVE-2012-0311

2012-01-2615:55:01

CWE-79

jpcert

web.nvd.nist.gov

oscommerce

xss

security

vulnerability

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

57.2%

JSON

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

oscommerceoscommerceMatch2.2ms1j-r1

oscommerceoscommerceMatch2.2ms1j-r2

oscommerceoscommerceMatch2.2ms1j-r3

oscommerceoscommerceMatch2.2ms1j-r4

oscommerceoscommerceMatch2.2ms1j-r5

oscommerceoscommerceMatch2.2ms1j-r6a

oscommerceoscommerceMatch2.2ms1j-r7

oscommerceoscommerceMatch2.2ms1j-r8

VendorProductVersionCPE
oscommerceoscommerce2.2ms1j-r1cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r1:*:*:*:*:*:*:*
oscommerceoscommerce2.2ms1j-r2cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r2:*:*:*:*:*:*:*
oscommerceoscommerce2.2ms1j-r3cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r3:*:*:*:*:*:*:*
oscommerceoscommerce2.2ms1j-r4cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r4:*:*:*:*:*:*:*
oscommerceoscommerce2.2ms1j-r5cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r5:*:*:*:*:*:*:*
oscommerceoscommerce2.2ms1j-r6acpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r6a:*:*:*:*:*:*:*
oscommerceoscommerce2.2ms1j-r7cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r7:*:*:*:*:*:*:*
oscommerceoscommerce2.2ms1j-r8cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oscommerce	oscommerce	2.2ms1j-r1	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r1:::::::*
oscommerce	oscommerce	2.2ms1j-r2	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r2:::::::*
oscommerce	oscommerce	2.2ms1j-r3	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r3:::::::*
oscommerce	oscommerce	2.2ms1j-r4	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r4:::::::*
oscommerce	oscommerce	2.2ms1j-r5	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r5:::::::*
oscommerce	oscommerce	2.2ms1j-r6a	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r6a:::::::*
oscommerce	oscommerce	2.2ms1j-r7	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r7:::::::*
oscommerce	oscommerce	2.2ms1j-r8	cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r8:::::::*

References

jvn.jp/en/jp/JVN36559450/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-000004

sourceforge.jp/forum/forum.php?forum_id=28119

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

57.2%

JSON

Related for CVE-2012-0311