Lucene search

[email protected]CVE-2012-1212

HistoryFeb 24, 2012 - 1:55 p.m.

CVE-2012-1212

2012-02-2413:55:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-1212

cross-site scripting

xss

smw+

semantic enterprise wiki

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

smwplussmw\+Range≤1.6.0_2

smwplussmw\+Match1.4.4

smwplussmw\+Match1.4.5

smwplussmw\+Match1.4.6

smwplussmw\+Match1.5.0

smwplussmw\+Match1.5.1

smwplussmw\+Match1.5.2

smwplussmw\+Match1.5.3

smwplussmw\+Match1.5.6

smwplussmw\+Match1.5.6-1

smwplussmw\+Match1.6.0

CPENameOperatorVersion
smwplus:smw\+smwplus smw+le1.6.0_2
smwplus:smw\+smwplus smw+eq1.4.4
smwplus:smw\+smwplus smw+eq1.4.5
smwplus:smw\+smwplus smw+eq1.4.6
smwplus:smw\+smwplus smw+eq1.5.0
smwplus:smw\+smwplus smw+eq1.5.1
smwplus:smw\+smwplus smw+eq1.5.2
smwplus:smw\+smwplus smw+eq1.5.3
smwplus:smw\+smwplus smw+eq1.5.6
smwplus:smw\+smwplus smw+eq1.5.6-1

CPE	Name	Operator	Version
smwplus:smw\+	smwplus smw+	le	1.6.0_2
smwplus:smw\+	smwplus smw+	eq	1.4.4
smwplus:smw\+	smwplus smw+	eq	1.4.5
smwplus:smw\+	smwplus smw+	eq	1.4.6
smwplus:smw\+	smwplus smw+	eq	1.5.0
smwplus:smw\+	smwplus smw+	eq	1.5.1
smwplus:smw\+	smwplus smw+	eq	1.5.2
smwplus:smw\+	smwplus smw+	eq	1.5.3
smwplus:smw\+	smwplus smw+	eq	1.5.6
smwplus:smw\+	smwplus smw+	eq	1.5.6-1

Rows per page:

1-10 of 111

References

packetstormsecurity.org/files/109637/SMW-1.5.6-Cross-Site-Scripting.html

secunia.com/advisories/47968

st2tea.blogspot.com/2012/02/smw-enterprise-wiki-156-cross-site.html

www.securityfocus.com/bid/51980

exchange.xforce.ibmcloud.com/vulnerabilities/73167

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for CVE-2012-1212

cvelist1 nvd1 prion1 openvas1