Lucene search

[email protected]CVE-2012-5296

HistoryOct 04, 2012 - 5:55 p.m.

CVE-2012-5296

2012-10-0417:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve

2012

5296

cross-site scripting

xss

mavili guestbook

remote attackers

web script

html

vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp.

Affected configurations

NVD

Node

mavili_guestbook_projectmavili_guestbookMatch-

CPENameOperatorVersion
mavili_guestbook_project:mavili_guestbookmavili guestbook project mavili guestbookeq-

CPE	Name	Operator	Version
mavili_guestbook_project:mavili_guestbook	mavili guestbook project mavili guestbook	eq	-

References

archives.neohapsis.com/archives/bugtraq/2012-01/0010.html

code.google.com/p/maviliguestbook/issues/detail?id=1

www.securityfocus.com/bid/51252

exchange.xforce.ibmcloud.com/vulnerabilities/72100

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2012-5296

cvelist1 prion1 nvd1