Lucene search

[email protected]CVE-2012-5226

HistoryOct 01, 2012 - 8:55 p.m.

CVE-2012-5226

2012-10-0120:55:04

CWE-79

[email protected]

web.nvd.nist.gov

cve

2012

5226

cross-site scripting

xss

vulnerabilities

peel shopping

remote attackers

web script

html

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.

Affected configurations

NVD

Node

peelpeel_shoppingMatch2.8

peelpeel_shoppingMatch2.9

CPENameOperatorVersion
peel:peel_shoppingpeel peel shoppingeq2.8
peel:peel_shoppingpeel peel shoppingeq2.9

CPE	Name	Operator	Version
peel:peel_shopping	peel peel shopping	eq	2.8
peel:peel_shopping	peel peel shopping	eq	2.9

References

www.exploit-db.com/exploits/18422

www.securityfocus.com/bid/51700

exchange.xforce.ibmcloud.com/vulnerabilities/72765

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.7%

JSON

Related for CVE-2012-5226

nvd1 prion1 cvelist1