CVE-2012-2604

2022-10-0316:15:36

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2604

xss

guestaccess.jsp

bradford network sentry

nvd

security vulnerabilities

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

Affected configurations

NVD

Node

bradfordnetworksnetwork_sentry_appliance_softwareRange≤5.3

AND

bradfordnetworksnetwork_sentry_applianceMatchns500rx

bradfordnetworksnetwork_sentry_applianceMatchns500x

CPENameOperatorVersion
bradfordnetworks:network_sentry_appliance_softwarebradfordnetworks network sentry appliance softwarele5.3
bradfordnetworks:network_sentry_appliancebradfordnetworks network sentry applianceeqns500rx
bradfordnetworks:network_sentry_appliancebradfordnetworks network sentry applianceeqns500x

CPE	Name	Operator	Version
bradfordnetworks:network_sentry_appliance_software	bradfordnetworks network sentry appliance software	le	5.3
bradfordnetworks:network_sentry_appliance	bradfordnetworks network sentry appliance	eq	ns500rx
bradfordnetworks:network_sentry_appliance	bradfordnetworks network sentry appliance	eq	ns500x