Lucene search

[email protected]CVE-2012-1410

HistoryFeb 29, 2012 - 11:55 a.m.

CVE-2012-1410

2012-02-2911:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-1410

cross-site scripting

xss

kadu

security vulnerability

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.

CPENameOperatorVersion
kadu:kadukadueq0.11.0
kadu:kadukadueq0.9.0
kadu:kadukadueq0.10.0

CPE	Name	Operator	Version
kadu:kadu	kadu	eq	0.11.0
kadu:kadu	kadu	eq	0.9.0
kadu:kadu	kadu	eq	0.10.0

References

www.openwall.com/lists/oss-security/2012/02/27/26

www.openwall.com/lists/oss-security/2012/02/27/3

bugzilla.novell.com/show_bug.cgi?id=749036

bugzilla.redhat.com/show_bug.cgi?id=797777

gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6

gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0

gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84

gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for CVE-2012-1410

prion1 ubuntucve1 debiancve1 cve4