Lucene search

MitreCVE-2012-1034

HistoryFeb 08, 2012 - 11:55 a.m.

CVE-2012-1034

2012-02-0811:55:03

CWE-79

mitre

web.nvd.nist.gov

nvd

cve-2012-1034

episerver cms

xss

admin interface

web script

html

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

episerverepiserver_cmsMatch5.1.422.4

episerverepiserver_cmsMatch5.1.422.122

episerverepiserver_cmsMatch5.1.422.256

episerverepiserver_cmsMatch5.1.422.267

episerverepiserver_cmsMatch5.2.375.7

episerverepiserver_cmsMatch5.2.375.133

episerverepiserver_cmsMatch5.2.375.236

episerverepiserver_cmsMatch6.0.530.0

episerverepiserver_cmsMatch6.1.379.0

VendorProductVersionCPE
episerverepiserver_cms5.1.422.4cpe:2.3:a:episerver:episerver_cms:5.1.422.4:*:*:*:*:*:*:*
episerverepiserver_cms5.1.422.122cpe:2.3:a:episerver:episerver_cms:5.1.422.122:*:*:*:*:*:*:*
episerverepiserver_cms5.1.422.256cpe:2.3:a:episerver:episerver_cms:5.1.422.256:*:*:*:*:*:*:*
episerverepiserver_cms5.1.422.267cpe:2.3:a:episerver:episerver_cms:5.1.422.267:*:*:*:*:*:*:*
episerverepiserver_cms5.2.375.7cpe:2.3:a:episerver:episerver_cms:5.2.375.7:*:*:*:*:*:*:*
episerverepiserver_cms5.2.375.133cpe:2.3:a:episerver:episerver_cms:5.2.375.133:*:*:*:*:*:*:*
episerverepiserver_cms5.2.375.236cpe:2.3:a:episerver:episerver_cms:5.2.375.236:*:*:*:*:*:*:*
episerverepiserver_cms6.0.530.0cpe:2.3:a:episerver:episerver_cms:6.0.530.0:*:*:*:*:*:*:*
episerverepiserver_cms6.1.379.0cpe:2.3:a:episerver:episerver_cms:6.1.379.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
episerver	episerver_cms	5.1.422.4	cpe:2.3:a:episerver:episerver_cms:5.1.422.4:::::::*
episerver	episerver_cms	5.1.422.122	cpe:2.3:a:episerver:episerver_cms:5.1.422.122:::::::*
episerver	episerver_cms	5.1.422.256	cpe:2.3:a:episerver:episerver_cms:5.1.422.256:::::::*
episerver	episerver_cms	5.1.422.267	cpe:2.3:a:episerver:episerver_cms:5.1.422.267:::::::*
episerver	episerver_cms	5.2.375.7	cpe:2.3:a:episerver:episerver_cms:5.2.375.7:::::::*
episerver	episerver_cms	5.2.375.133	cpe:2.3:a:episerver:episerver_cms:5.2.375.133:::::::*
episerver	episerver_cms	5.2.375.236	cpe:2.3:a:episerver:episerver_cms:5.2.375.236:::::::*
episerver	episerver_cms	6.0.530.0	cpe:2.3:a:episerver:episerver_cms:6.0.530.0:::::::*
episerver	episerver_cms	6.1.379.0	cpe:2.3:a:episerver:episerver_cms:6.1.379.0:::::::*

References

secunia.com/advisories/47910

world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/

world.episerver.com/PageFiles/110367/BugList.txt

www.securityfocus.com/bid/51877

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2012-1034