Lucene search

[email protected]CVE-2012-3830

HistoryJul 03, 2012 - 10:55 p.m.

CVE-2012-3830

2012-07-0322:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-3830

xss

vulnerability

decoda

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

70.9%

JSON

Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.

Affected configurations

NVD

Node

milesjdecodaRange≤3.3.1

milesjdecodaMatch2.2

milesjdecodaMatch2.3

milesjdecodaMatch2.4

milesjdecodaMatch2.5

milesjdecodaMatch2.6

milesjdecodaMatch2.7

milesjdecodaMatch2.8

milesjdecodaMatch2.9

milesjdecodaMatch3.0

milesjdecodaMatch3.1

milesjdecodaMatch3.2

milesjdecodaMatch3.3

VendorProductVersionCPE
milesjdecoda2.2cpe:/a:milesj:decoda:2.2:::
milesjdecoda3.1cpe:/a:milesj:decoda:3.1:::
milesjdecoda2.7cpe:/a:milesj:decoda:2.7:::
milesjdecoda2.8cpe:/a:milesj:decoda:2.8:::
milesjdecoda3.2cpe:/a:milesj:decoda:3.2:::
milesjdecoda2.6cpe:/a:milesj:decoda:2.6:::
milesjdecoda2.5cpe:/a:milesj:decoda:2.5:::
milesjdecodacpe:/a:milesj:decoda::::
milesjdecoda2.4cpe:/a:milesj:decoda:2.4:::
milesjdecoda2.9cpe:/a:milesj:decoda:2.9:::

Vendor	Product	Version	CPE
milesj	decoda	2.2	cpe:/a:milesj:decoda:2.2:::
milesj	decoda	3.1	cpe:/a:milesj:decoda:3.1:::
milesj	decoda	2.7	cpe:/a:milesj:decoda:2.7:::
milesj	decoda	2.8	cpe:/a:milesj:decoda:2.8:::
milesj	decoda	3.2	cpe:/a:milesj:decoda:3.2:::
milesj	decoda	2.6	cpe:/a:milesj:decoda:2.6:::
milesj	decoda	2.5	cpe:/a:milesj:decoda:2.5:::
milesj	decoda		cpe:/a:milesj:decoda::::
milesj	decoda	2.4	cpe:/a:milesj:decoda:2.4:::
milesj	decoda	2.9	cpe:/a:milesj:decoda:2.9:::

Rows per page:

1-10 of 131

References

osvdb.org/81637

secunia.com/advisories/48931

www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags

www.securityfocus.com/bid/53332

exchange.xforce.ibmcloud.com/vulnerabilities/75333

github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83

github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

70.9%

JSON

Related for CVE-2012-3830

cvelist1 prion1 nvd1