Lucene search

[email protected]CVE-2012-1110

HistorySep 06, 2012 - 6:55 p.m.

CVE-2012-1110

2012-09-0618:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-1110

cross-site scripting

xss

etano 1.22

security vulnerability

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.

Affected configurations

NVD

Node

datemilletanoRange≤1.22

CPENameOperatorVersion
datemill:etanodatemill etanole1.22

CPE	Name	Operator	Version
datemill:etano	datemill etano	le	1.22

References

archives.neohapsis.com/archives/bugtraq/2012-03/0013.html

secunia.com/advisories/48165

www.openwall.com/lists/oss-security/2012/03/05/15

www.openwall.com/lists/oss-security/2012/03/05/21

www.osvdb.org/79827

www.osvdb.org/79828

www.osvdb.org/79829

www.osvdb.org/79830

www.securityfocus.com/bid/52295

yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss

exchange.xforce.ibmcloud.com/vulnerabilities/73669

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2012-1110

prion1 cvelist1 nvd1