Lucene search

[email protected]CVE-2012-2590

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-2590

2022-10-0316:15:36

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2590

xss

escon supportportal professional edition 3.0

security

vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV=“Set-Cookie” META element, or (4) an innerHTML attribute within an XML document.

Affected configurations

NVD

Node

e-supportportalescon_supportportalMatch3.0professional

CPENameOperatorVersion
e-supportportal:escon_supportportale-supportportal escon supportportaleq3.0

CPE	Name	Operator	Version
e-supportportal:escon_supportportal	e-supportportal escon supportportal	eq	3.0

References

www.exploit-db.com/exploits/20350/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

Related for CVE-2012-2590

packetstorm1 nvd1 cvelist1 prion1