Lucene search

[email protected]CVE-2012-5684

HistoryAug 14, 2014 - 2:55 p.m.

CVE-2012-5684

2014-08-1414:55:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-5684

cross-site scripting

xss

zpanel

web security

nvd

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.6%

JSON

Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.

Affected configurations

NVD

Node

zpanelcpzpanelRange≤10.0.1

CPENameOperatorVersion
zpanelcp:zpanelzpanelcp zpanelle10.0.1

CPE	Name	Operator	Version
zpanelcp:zpanel	zpanelcp zpanel	le	10.0.1

References

osvdb.org/show/osvdb/87139

packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html

secunia.com/advisories/51172

www.exploit-db.com/exploits/22490

exchange.xforce.ibmcloud.com/vulnerabilities/79839

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2012-5684

prion1 cvelist1 nvd1 packetstorm1 seebug1 exploitpack1 exploitdb1