Lucene search

[email protected]CVE-2012-2099

HistoryJan 24, 2013 - 1:55 a.m.

CVE-2012-2099

2013-01-2401:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2099

cross-site scripting

xss vulnerabilities

wikidforum 2.10

remote attackers

web script

html

advanced search

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

90.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.

Affected configurations

NVD

Node

wikidforumwikidforumMatch2.10

CPENameOperatorVersion
wikidforum:wikidforumwikidforumeq2.10

CPE	Name	Operator	Version
wikidforum:wikidforum	wikidforum	eq	2.10

References

archives.neohapsis.com/archives/bugtraq/2012-03/0046.html

www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt

www.openwall.com/lists/oss-security/2012/04/12/12

www.openwall.com/lists/oss-security/2012/04/12/5

www.osvdb.org/80838

www.osvdb.org/80839

www.securityfocus.com/bid/52425

www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html

exchange.xforce.ibmcloud.com/vulnerabilities/73985

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for CVE-2012-2099

prion1 cvelist1 nvd1 openvas1 nessus1