Lucene search

RedhatCVE-2012-3476

HistoryAug 12, 2012 - 9:55 p.m.

CVE-2012-3476

2012-08-1221:55:01

CWE-79

redhat

web.nvd.nist.gov

cve-2012-3476

cross-site scripting

xss vulnerabilities

ushahidi platform

web security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

32.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.

Affected configurations

Nvd

Node

ushahidiushahidi_platformRange≤2.4.1

ushahidiushahidi_platformMatch1.0

ushahidiushahidi_platformMatch1.2

ushahidiushahidi_platformMatch2.0

ushahidiushahidi_platformMatch2.1

ushahidiushahidi_platformMatch2.2

ushahidiushahidi_platformMatch2.2.1

ushahidiushahidi_platformMatch2.3.1

ushahidiushahidi_platformMatch2.3.2

ushahidiushahidi_platformMatch2.4

VendorProductVersionCPE
ushahidiushahidi_platform*cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*
ushahidiushahidi_platform1.0cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*
ushahidiushahidi_platform1.2cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.0cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*
ushahidiushahidi_platform2.1cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.2cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.2.1cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.3.1cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.3.2cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.4cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ushahidi	ushahidi_platform	*	cpe:2.3:a:ushahidi:ushahidi_platform::::::::
ushahidi	ushahidi_platform	1.0	cpe:2.3:a:ushahidi:ushahidi_platform:1.0:::::::*
ushahidi	ushahidi_platform	1.2	cpe:2.3:a:ushahidi:ushahidi_platform:1.2:::::::*
ushahidi	ushahidi_platform	2.0	cpe:2.3:a:ushahidi:ushahidi_platform:2.0:::::::*
ushahidi	ushahidi_platform	2.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.1:::::::*
ushahidi	ushahidi_platform	2.2	cpe:2.3:a:ushahidi:ushahidi_platform:2.2:::::::*
ushahidi	ushahidi_platform	2.2.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:::::::*
ushahidi	ushahidi_platform	2.3.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:::::::*
ushahidi	ushahidi_platform	2.3.2	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:::::::*
ushahidi	ushahidi_platform	2.4	cpe:2.3:a:ushahidi:ushahidi_platform:2.4:::::::*

References

openwall.com/lists/oss-security/2012/08/09/5

github.com/ushahidi/Ushahidi_Web/commit/00eae4f

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

32.4%

JSON

Related for CVE-2012-3476