Lucene search

[email protected]CVE-2013-1466

HistoryFeb 05, 2014 - 3:10 p.m.

CVE-2013-1466

2014-02-0515:10:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-1466

cross site scripting

xss

vulnerabilities

glfusion 1.2.2.pl4

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.

Affected configurations

NVD

Node

glfusionglfusionRange≤1.2.2.pl3

glfusionglfusionMatch1.0.0

glfusionglfusionMatch1.0.0rc1

glfusionglfusionMatch1.0.0rc2

glfusionglfusionMatch1.0.1

glfusionglfusionMatch1.0.2

glfusionglfusionMatch1.1.0

glfusionglfusionMatch1.1.0rc1

glfusionglfusionMatch1.1.1

glfusionglfusionMatch1.1.2

glfusionglfusionMatch1.1.3

glfusionglfusionMatch1.1.4

glfusionglfusionMatch1.1.4.pl1

glfusionglfusionMatch1.1.4.pl2

glfusionglfusionMatch1.1.4.pl3

glfusionglfusionMatch1.1.4.pl4

glfusionglfusionMatch1.1.5

glfusionglfusionMatch1.1.5.pl1

glfusionglfusionMatch1.1.5.pl2

glfusionglfusionMatch1.1.5.pl3

glfusionglfusionMatch1.1.6

glfusionglfusionMatch1.1.6.pl1

glfusionglfusionMatch1.1.6.pl2

glfusionglfusionMatch1.1.6.pl3

glfusionglfusionMatch1.1.6.pl4

glfusionglfusionMatch1.1.7

glfusionglfusionMatch1.1.8

glfusionglfusionMatch1.1.8.pl1

glfusionglfusionMatch1.1.8.pl2

glfusionglfusionMatch1.1.8.pl3

glfusionglfusionMatch1.1.8.pl4

glfusionglfusionMatch1.1.8.pl5

glfusionglfusionMatch1.1.8.pl6

glfusionglfusionMatch1.2.0

glfusionglfusionMatch1.2.0.pl1

glfusionglfusionMatch1.2.0.pl2

glfusionglfusionMatch1.2.0.pl3

glfusionglfusionMatch1.2.0.pl4

glfusionglfusionMatch1.2.0.pl5

glfusionglfusionMatch1.2.0.pl6

glfusionglfusionMatch1.2.0.pl7

glfusionglfusionMatch1.2.2

glfusionglfusionMatch1.2.2.pl1

glfusionglfusionMatch1.2.2.pl2

CPENameOperatorVersion
glfusion:glfusionglfusionle1.2.2.pl3
glfusion:glfusionglfusioneq1.0.0
glfusion:glfusionglfusioneq1.0.1
glfusion:glfusionglfusioneq1.0.2
glfusion:glfusionglfusioneq1.1.0
glfusion:glfusionglfusioneq1.1.1
glfusion:glfusionglfusioneq1.1.2
glfusion:glfusionglfusioneq1.1.3
glfusion:glfusionglfusioneq1.1.4
glfusion:glfusionglfusioneq1.1.4.pl1

CPE	Name	Operator	Version
glfusion:glfusion	glfusion	le	1.2.2.pl3
glfusion:glfusion	glfusion	eq	1.0.0
glfusion:glfusion	glfusion	eq	1.0.1
glfusion:glfusion	glfusion	eq	1.0.2
glfusion:glfusion	glfusion	eq	1.1.0
glfusion:glfusion	glfusion	eq	1.1.1
glfusion:glfusion	glfusion	eq	1.1.2
glfusion:glfusion	glfusion	eq	1.1.3
glfusion:glfusion	glfusion	eq	1.1.4
glfusion:glfusion	glfusion	eq	1.1.4.pl1