Lucene search
HistoryApr 17, 2012 - 6:55 p.m.
CVE-2012-1979
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.2
Confidence
High
EPSS
0.003
Percentile
66.4%
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
Affected configurations
Node
syndeocmssyndeocmsRange≤3.0.01
ORsyndeocmssyndeocmsMatch2.4
ORsyndeocmssyndeocmsMatch2.4.10
ORsyndeocmssyndeocmsMatch2.5.00
ORsyndeocmssyndeocmsMatch2.5.01
ORsyndeocmssyndeocmsMatch2.6.00
ORsyndeocmssyndeocmsMatch2.7.00
ORsyndeocmssyndeocmsMatch2.8.00
ORsyndeocmssyndeocmsMatch2.8.1
ORsyndeocmssyndeocmsMatch2.8.02
ORsyndeocmssyndeocmsMatch2.9.00
ORsyndeocmssyndeocmsMatch3.0.00
References
Related
cvelist
cvelist
CVE-2012-1979
2012-04-17 18:00:00
packetstorm
packetstorm
SyndeoCMS 3.0.01 Cross Site Scripting
2012-03-30 00:00:00
exploitpack
exploitpack
SyndeoCMS 3.0.01 - Persistent Cross-Site Scripting
2012-03-30 00:00:00
seebug
seebug
SyndeoCMS <= 3.0.01 Persistent XSS
2014-07-01 00:00:00
prion
prion
Cross site scripting
2012-04-17 18:55:00
cve
cve
CVE-2012-1979
2012-04-17 18:55:01
exploitdb
exploitdb
SyndeoCMS 3.0.01 - Persistent Cross-Site Scripting
2012-03-30 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.2
Confidence
High
EPSS
0.003
Percentile
66.4%
Related for NVD:CVE-2012-1979