Lucene search

MitreCVE-2012-1027

HistoryFeb 08, 2012 - 12:55 a.m.

CVE-2012-1027

2012-02-0800:55:02

CWE-79

mitre

web.nvd.nist.gov

cve

2012

1027

cross-site scripting

xss

vulnerability

project-open

3.4.x

3.5.0.1-2

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.011

Percentile

84.2%

JSON

Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed.

Affected configurations

Nvd

Node

project-open\]project-open\[Match3.4.0

project-open\]project-open\[Match3.5.0.1-2

VendorProductVersionCPE
project-open\]project-open\[3.4.0cpe:2.3:a:project-open:\]project-open\[:3.4.0:*:*:*:*:*:*:*
project-open\]project-open\[3.5.0.1-2cpe:2.3:a:project-open:\]project-open\[:3.5.0.1-2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
project-open	\]project-open\[	3.4.0	cpe:2.3:a:project-open:\]project-open\[:3.4.0:::::::*
project-open	\]project-open\[	3.5.0.1-2	cpe:2.3:a:project-open:\]project-open\[:3.5.0.1-2:::::::*

References

dl.packetstormsecurity.net/1202-exploits/projectopen-xss.txt

osvdb.org/78823

secunia.com/advisories/47854

www.kb.cert.org/vuls/id/732115

www.securityfocus.com/bid/51842

exchange.xforce.ibmcloud.com/vulnerabilities/72952

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.011

Percentile

84.2%

JSON

Related for CVE-2012-1027