Lucene search

MitreCVE-2012-2909

HistoryMay 21, 2012 - 6:55 p.m.

CVE-2012-2909

2012-05-2118:55:07

CWE-79

mitre

web.nvd.nist.gov

114

cve-2012-2909

cross-site scripting

xss

viscacha

security vulnerabilities

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.

Affected configurations

Nvd

Node

viscachaviscachaMatch0.8.1.1

VendorProductVersionCPE
viscachaviscacha0.8.1.1cpe:2.3:a:viscacha:viscacha:0.8.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
viscacha	viscacha	0.8.1.1	cpe:2.3:a:viscacha:viscacha:0.8.1.1:::::::*

References

www.exploit-db.com/exploits/18873

www.securityfocus.com/bid/53496

www.vulnerability-lab.com/get_content.php?id=525

exchange.xforce.ibmcloud.com/vulnerabilities/75577

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2012-2909