Lucene search

[email protected]CVE-2012-4262

HistoryAug 13, 2012 - 6:55 p.m.

CVE-2012-4262

2012-08-1318:55:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-4262

cross-site scripting

xss

mycare2x

remote attack

web script injection

html injection

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.

Affected configurations

NVD

Node

hccgmbhmycare2xMatch-

CPENameOperatorVersion
hccgmbh:mycare2xhccgmbh mycare2xeq-

CPE	Name	Operator	Version
hccgmbh:mycare2x	hccgmbh mycare2x	eq	-

References

packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html

secunia.com/advisories/49029

www.exploit-db.com/exploits/18844

www.osvdb.org/81687

www.osvdb.org/81688

www.osvdb.org/81689

www.osvdb.org/81690

www.securityfocus.com/bid/53392

www.vulnerability-lab.com/get_content.php?id=524

exchange.xforce.ibmcloud.com/vulnerabilities/75391

exchange.xforce.ibmcloud.com/vulnerabilities/75392

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2012-4262

prion1 cvelist1 nvd1