Lucene search

[email protected]CVE-2012-4890

HistorySep 10, 2012 - 10:55 p.m.

CVE-2012-4890

2012-09-1022:55:07

CWE-79

[email protected]

web.nvd.nist.gov

cve

2012

4890

flatnux cms

xss

vulnerabilities

remote

injection

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.

Affected configurations

NVD

Node

flatnuxflatnuxRange≤2011-08-09-2

flatnuxflatnuxMatch2008-12-11

flatnuxflatnuxMatch2009-01-27

flatnuxflatnuxMatch2009-02-04

CPENameOperatorVersion
flatnux:flatnuxflatnuxle2011-08-09-2
flatnux:flatnuxflatnuxeq2008-12-11
flatnux:flatnuxflatnuxeq2009-01-27
flatnux:flatnuxflatnuxeq2009-02-04

CPE	Name	Operator	Version
flatnux:flatnux	flatnux	le	2011-08-09-2
flatnux:flatnux	flatnux	eq	2008-12-11
flatnux:flatnux	flatnux	eq	2009-01-27
flatnux:flatnux	flatnux	eq	2009-02-04

References

packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

secunia.com/advisories/48656

secunia.com/advisories/48676

www.osvdb.org/80877

www.securityfocus.com/bid/52846

www.vulnerability-lab.com/get_content.php?id=487

exchange.xforce.ibmcloud.com/vulnerabilities/74566

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for CVE-2012-4890

prion2 nvd2 cvelist2 cve1