Lucene search

RedhatCVE-2012-1575

HistoryApr 22, 2012 - 6:55 p.m.

CVE-2012-1575

2012-04-2218:55:04

CWE-79

redhat

web.nvd.nist.gov

cve-2012-1575

xss

vulnerabilities

cumin

r5238

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.

Affected configurations

Nvd

Node

trevor_mckaycuminRange≤r5237

VendorProductVersionCPE
trevor_mckaycumin*cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trevor_mckay	cumin	*	cpe:2.3:a:trevor_mckay:cumin::::::::

References

rhn.redhat.com/errata/RHSA-2012-0476.html

rhn.redhat.com/errata/RHSA-2012-0477.html

secunia.com/advisories/48810

secunia.com/advisories/48829

www.securityfocus.com/bid/53000

www.securitytracker.com/id?1026921

bugzilla.redhat.com/attachment.cgi?id=571986

bugzilla.redhat.com/show_bug.cgi?id=805712

exchange.xforce.ibmcloud.com/vulnerabilities/74844

fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

Related for CVE-2012-1575