Lucene search

[email protected]NVD:CVE-2012-2903

HistoryMay 21, 2012 - 6:55 p.m.

CVE-2012-2903

2012-05-2118:55:02

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.

Affected configurations

Nvd

Node

chatelaophp_address_bookRange≤6.1.1

chatelaophp_address_bookMatch1.0

chatelaophp_address_bookMatch1.2

chatelaophp_address_bookMatch2.0

chatelaophp_address_bookMatch2.1

chatelaophp_address_bookMatch2.1.1

chatelaophp_address_bookMatch2.2

chatelaophp_address_bookMatch2.3

chatelaophp_address_bookMatch2.4

chatelaophp_address_bookMatch2.6

chatelaophp_address_bookMatch3.0

chatelaophp_address_bookMatch3.1

chatelaophp_address_bookMatch3.1.1

chatelaophp_address_bookMatch3.1.2

chatelaophp_address_bookMatch3.1.3

chatelaophp_address_bookMatch3.1.4

chatelaophp_address_bookMatch3.1.5

chatelaophp_address_bookMatch3.1.6

chatelaophp_address_bookMatch3.2

chatelaophp_address_bookMatch3.2.1

chatelaophp_address_bookMatch3.2.2

chatelaophp_address_bookMatch3.2.3

chatelaophp_address_bookMatch3.2.4

chatelaophp_address_bookMatch3.2.5

chatelaophp_address_bookMatch3.2.6

chatelaophp_address_bookMatch3.2.7

chatelaophp_address_bookMatch3.2.8

chatelaophp_address_bookMatch3.2.9

chatelaophp_address_bookMatch3.2.10

chatelaophp_address_bookMatch3.2.11

chatelaophp_address_bookMatch3.2.12

chatelaophp_address_bookMatch3.2.13

chatelaophp_address_bookMatch3.2.14

chatelaophp_address_bookMatch3.3

chatelaophp_address_bookMatch3.3.1

chatelaophp_address_bookMatch3.3.2

chatelaophp_address_bookMatch3.3.3

chatelaophp_address_bookMatch3.3.4

chatelaophp_address_bookMatch3.3.5

chatelaophp_address_bookMatch3.3.6

chatelaophp_address_bookMatch3.3.7

chatelaophp_address_bookMatch3.3.8

chatelaophp_address_bookMatch3.3.9

chatelaophp_address_bookMatch3.3.10

chatelaophp_address_bookMatch3.3.12

chatelaophp_address_bookMatch3.3.13

chatelaophp_address_bookMatch3.3.14

chatelaophp_address_bookMatch3.3.15

chatelaophp_address_bookMatch3.3.16

chatelaophp_address_bookMatch3.3.17

chatelaophp_address_bookMatch3.3.18

chatelaophp_address_bookMatch3.4

chatelaophp_address_bookMatch3.4.1

chatelaophp_address_bookMatch3.4.2

chatelaophp_address_bookMatch3.4.3

chatelaophp_address_bookMatch3.4.4

chatelaophp_address_bookMatch3.4.5

chatelaophp_address_bookMatch3.4.6

chatelaophp_address_bookMatch3.4.7

chatelaophp_address_bookMatch3.4.8

chatelaophp_address_bookMatch3.4.9

chatelaophp_address_bookMatch4.0

chatelaophp_address_bookMatch4.0.2

chatelaophp_address_bookMatch4.1.1

chatelaophp_address_bookMatch4.1.3

chatelaophp_address_bookMatch4.1.4

chatelaophp_address_bookMatch5.0

chatelaophp_address_bookMatch5.0beta

chatelaophp_address_bookMatch5.1

chatelaophp_address_bookMatch5.2

chatelaophp_address_bookMatch5.3

chatelaophp_address_bookMatch5.4

chatelaophp_address_bookMatch5.4.1

chatelaophp_address_bookMatch5.4.2

chatelaophp_address_bookMatch5.4.3

chatelaophp_address_bookMatch5.4.4

chatelaophp_address_bookMatch5.4.5

chatelaophp_address_bookMatch5.4.6

chatelaophp_address_bookMatch5.4.7

chatelaophp_address_bookMatch5.4.9

chatelaophp_address_bookMatch5.5

chatelaophp_address_bookMatch5.6

chatelaophp_address_bookMatch5.7

chatelaophp_address_bookMatch5.7.1

chatelaophp_address_bookMatch5.7.2

chatelaophp_address_bookMatch5.7.3

chatelaophp_address_bookMatch5.7.4

chatelaophp_address_bookMatch5.7.5

chatelaophp_address_bookMatch5.8.1

chatelaophp_address_bookMatch6.0

chatelaophp_address_bookMatch6.1

VendorProductVersionCPE
chatelaophp_address_book*cpe:2.3:a:chatelao:php_address_book:*:*:*:*:*:*:*:*
chatelaophp_address_book1.0cpe:2.3:a:chatelao:php_address_book:1.0:*:*:*:*:*:*:*
chatelaophp_address_book1.2cpe:2.3:a:chatelao:php_address_book:1.2:*:*:*:*:*:*:*
chatelaophp_address_book2.0cpe:2.3:a:chatelao:php_address_book:2.0:*:*:*:*:*:*:*
chatelaophp_address_book2.1cpe:2.3:a:chatelao:php_address_book:2.1:*:*:*:*:*:*:*
chatelaophp_address_book2.1.1cpe:2.3:a:chatelao:php_address_book:2.1.1:*:*:*:*:*:*:*
chatelaophp_address_book2.2cpe:2.3:a:chatelao:php_address_book:2.2:*:*:*:*:*:*:*
chatelaophp_address_book2.3cpe:2.3:a:chatelao:php_address_book:2.3:*:*:*:*:*:*:*
chatelaophp_address_book2.4cpe:2.3:a:chatelao:php_address_book:2.4:*:*:*:*:*:*:*
chatelaophp_address_book2.6cpe:2.3:a:chatelao:php_address_book:2.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
chatelao	php_address_book	*	cpe:2.3:a:chatelao:php_address_book::::::::
chatelao	php_address_book	1.0	cpe:2.3:a:chatelao:php_address_book:1.0:::::::*
chatelao	php_address_book	1.2	cpe:2.3:a:chatelao:php_address_book:1.2:::::::*
chatelao	php_address_book	2.0	cpe:2.3:a:chatelao:php_address_book:2.0:::::::*
chatelao	php_address_book	2.1	cpe:2.3:a:chatelao:php_address_book:2.1:::::::*
chatelao	php_address_book	2.1.1	cpe:2.3:a:chatelao:php_address_book:2.1.1:::::::*
chatelao	php_address_book	2.2	cpe:2.3:a:chatelao:php_address_book:2.2:::::::*
chatelao	php_address_book	2.3	cpe:2.3:a:chatelao:php_address_book:2.3:::::::*
chatelao	php_address_book	2.4	cpe:2.3:a:chatelao:php_address_book:2.4:::::::*
chatelao	php_address_book	2.6	cpe:2.3:a:chatelao:php_address_book:2.6:::::::*