Lucene search

CVE-2012-4771

🗓️ 22 Oct 2012 23:08:55Reported by mitreType

cve🔗 web.nvd.nist.gov👁 33 Views🌐 WEB

CVE-2012-4771 XSS vulnerabilities in Subrion CMS before 2.2.

Reporter	Title	Published	Views	Family All 18
NVD	CVE-2012-4771	22 Oct 201223:55	–	nvd
NVD	CVE-2011-5211	22 Oct 201223:55	–	nvd
NVD	CVE-2012-5452	22 Oct 201223:55	–	nvd
Prion	Cross site scripting	22 Oct 201223:55	–	prion
Prion	Cross site scripting	22 Oct 201223:55	–	prion
Prion	Cross site scripting	22 Oct 201223:55	–	prion
Cvelist	CVE-2012-4771	22 Oct 201223:00	–	cvelist
Cvelist	CVE-2011-5211	22 Oct 201223:00	–	cvelist
Cvelist	CVE-2012-5452	22 Oct 201223:00	–	cvelist
securityvulns	Multiple vulnerabilities in Subrion CMS	22 Oct 201200:00	–	securityvulns

Nvd

Node

intelliants subrion_cmsRange≤2.2.2

intelliants subrion_cmsMatch2.0.4

intelliants subrion_cmsMatch2.2.0

intelliants subrion_cmsMatch2.2.1

Source	Link
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5105.php
archives	www.archives.neohapsis.com/archives/bugtraq/2012-10/0096.html
subrion	www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html
secunia	www.secunia.com/advisories/51013
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/79468
htbridge	www.htbridge.com/advisory/HTB23113
packetstormsecurity	www.packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html

Parameter	Position	Path	Description	CWE
id	query param	/admin/accounts/edit/	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML and script code in administrator's browser.	CWE-79
group	query param	/admin/configuration/	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML and script code in administrator's browser.	CWE-79
id	query param	/admin/manage/fields/edit/	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML and script code in administrator's browser.	CWE-79
id	query param	/admin/manage/blocks/edit/	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML and script code in administrator's browser.	CWE-79
plan_id	request body	/register/	SQL Injection vulnerability allowing arbitrary SQL code injection.	CWE-89
f[accounts][fullname]	request body	/advsearch/	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML and script code in user's browser.	CWE-79
f[accounts][username]	request body	/advsearch/	Cross-Site Scripting (XSS) vulnerability allowing execution of arbitrary HTML and script code in user's browser.	CWE-79
username	request body	/admin/accounts/add/	Cross-Site Request Forgery (CSRF) vulnerability allowing unauthorized actions without proper checks.	CWE-352
fullname	request body	/admin/accounts/add/	Cross-Site Request Forgery (CSRF) vulnerability allowing unauthorized actions without proper checks.	CWE-352
email	request body	/admin/accounts/add/	Cross-Site Request Forgery (CSRF) vulnerability allowing unauthorized actions without proper checks.	CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Oct 2012 23:55Current

5.5Medium risk

Vulners AI Score5.5

CVSS24.3

EPSS0.13096

CWE-79