Lucene search

CVE-2012-5452

🗓️ 22 Oct 2012 23:10:55Reported by mitreType

cve🔗 web.nvd.nist.gov👁 32 Views🌐 WEB

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allowing remote attackers to inject arbitrary web script or HTML via various parameters

Reporter	Title	Published	Views	Family All 11
Prion	Cross site scripting	22 Oct 201223:55	–	prion
Prion	Cross site scripting	22 Oct 201223:55	–	prion
Prion	Cross site scripting	22 Oct 201223:55	–	prion
Cvelist	CVE-2011-5211	22 Oct 201223:00	–	cvelist
Cvelist	CVE-2012-5452	22 Oct 201223:00	–	cvelist
Cvelist	CVE-2012-4771	22 Oct 201223:00	–	cvelist
CVE	CVE-2011-5211	22 Oct 201223:55	–	cve
CVE	CVE-2012-4771	22 Oct 201223:55	–	cve
NVD	CVE-2011-5211	22 Oct 201223:55	–	nvd
NVD	CVE-2012-5452	22 Oct 201223:55	–	nvd

Nvd

Node

intelliants subrion_cmsMatch2.2.1

Source	Link
secunia	www.secunia.com/advisories/44917
securityfocus	www.securityfocus.com/bid/55502
subrion	www.subrion.com/forums/announcements/893-subrion-open-source-cms-2-2-2-has-been-released.html
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5105.php
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/78467
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/78468
htbridge	www.htbridge.com/advisory/HTB23113
packetstormsecurity	www.packetstormsecurity.org/files/116434/Subrion-CMS-2.2.1-Cross-Site-Scripting.html
packetstormsecurity	www.packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html

Parameter	Position	Path	Description	CWE
multi_title	query param	blocks/add/	XSS vulnerability via multi_title parameter in blocks/add.	CWE-79
cost	query param	plans/add/	XSS vulnerability via cost, days, and title[en] parameters in plans/add.	CWE-79
days	query param	plans/add/	XSS vulnerability via cost, days, and title[en] parameters in plans/add.	CWE-79
title[en]	query param	plans/add/	XSS vulnerability via cost, days, and title[en] parameters in plans/add.	CWE-79
name	query param	fields/group/add/	XSS vulnerability via name and title[en] parameters in fields/group/add.	CWE-79
title[en]	query param	fields/group/add/	XSS vulnerability via name and title[en] parameters in fields/group/add.	CWE-79
f[accounts][fullname]	query param	advsearch/	XSS vulnerability via f[accounts][fullname] and f[accounts][username] parameters in advsearch.	CWE-79
f[accounts][username]	query param	advsearch/	XSS vulnerability via f[accounts][fullname] and f[accounts][username] parameters in advsearch.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Oct 2012 23:55Current

5.6Medium risk

Vulners AI Score5.6

CVSS24.3

EPSS0.00797

CWE-79