Lucene search

[email protected]NVD:CVE-2012-4437

HistoryOct 01, 2012 - 3:26 a.m.

CVE-2012-4437

2012-10-0103:26:16

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.

Affected configurations

NVD

Node

smartysmartyMatch1.0

smartysmartyMatch1.0a

smartysmartyMatch1.0b

smartysmartyMatch1.1.0

smartysmartyMatch1.2.0

smartysmartyMatch1.2.1

smartysmartyMatch1.2.2

smartysmartyMatch1.3.0

smartysmartyMatch1.3.1

smartysmartyMatch1.3.2

smartysmartyMatch1.4.0

smartysmartyMatch1.4.0b1

smartysmartyMatch1.4.0b2

smartysmartyMatch1.4.1

smartysmartyMatch1.4.2

smartysmartyMatch1.4.3

smartysmartyMatch1.4.4

smartysmartyMatch1.4.5

smartysmartyMatch1.4.6

smartysmartyMatch1.5.0

smartysmartyMatch1.5.1

smartysmartyMatch1.5.2

smartysmartyMatch2.0.0

smartysmartyMatch2.0.1

smartysmartyMatch2.1.0

smartysmartyMatch2.1.1

smartysmartyMatch2.2.0

smartysmartyMatch2.3.0

smartysmartyMatch2.3.1

smartysmartyMatch2.4.0

smartysmartyMatch2.4.1

smartysmartyMatch2.4.2

smartysmartyMatch2.5.0

smartysmartyMatch2.5.0rc1

smartysmartyMatch2.5.0rc2

smartysmartyMatch2.6.0

smartysmartyMatch2.6.0rc1

smartysmartyMatch2.6.0rc2

smartysmartyMatch2.6.0rc3

smartysmartyMatch2.6.1

smartysmartyMatch2.6.2

smartysmartyMatch2.6.3

smartysmartyMatch2.6.4

smartysmartyMatch2.6.5

smartysmartyMatch2.6.6

smartysmartyMatch2.6.7

smartysmartyMatch2.6.9

smartysmartyMatch2.6.10

smartysmartyMatch2.6.11

smartysmartyMatch2.6.12

smartysmartyMatch2.6.13

smartysmartyMatch2.6.14

smartysmartyMatch2.6.15

smartysmartyMatch2.6.16

smartysmartyMatch2.6.17

smartysmartyMatch2.6.18

smartysmartyMatch2.6.20

smartysmartyMatch2.6.22

smartysmartyMatch2.6.24

smartysmartyMatch2.6.25

smartysmartyMatch2.6.26

smartysmartyMatch3.0.0

smartysmartyMatch3.0.0beta4

smartysmartyMatch3.0.0beta5

smartysmartyMatch3.0.0beta6

smartysmartyMatch3.0.0beta7

smartysmartyMatch3.0.0beta8

smartysmartyMatch3.0.0rc1

smartysmartyMatch3.0.0rc2

smartysmartyMatch3.0.0rc3

smartysmartyMatch3.0.0rc4

smartysmartyMatch3.0.1

smartysmartyMatch3.0.2

smartysmartyMatch3.0.3

smartysmartyMatch3.0.4

smartysmartyMatch3.0.5

smartysmartyMatch3.0.6

smartysmartyMatch3.0.7

smartysmartyMatch3.1rc1

smartysmartyMatch3.1.0

smartysmartyMatch3.1.1

smartysmartyMatch3.1.2

smartysmartyMatch3.1.3

smartysmartyMatch3.1.4

smartysmartyMatch3.1.5

smartysmartyMatch3.1.6

smartysmartyMatch3.1.7

smartysmartyMatch3.1.8

smartysmartyMatch3.1.9

smartysmartyMatch3.1.10

smartysmartyMatch3.1.11

smartysmartyMatch3.1.12

References

advisories.mageia.org/MGASA-2014-0468.html

code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt

code.google.com/p/smarty-php/source/detail?r=4658

jvn.jp/en/jp/JVN63650108/index.html

jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000094.html

lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html

secunia.com/advisories/50589

www.mandriva.com/security/advisories?name=MDVSA-2014:221

www.openwall.com/lists/oss-security/2012/09/19/1

www.openwall.com/lists/oss-security/2012/09/20/3

www.securityfocus.com/bid/55506

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for NVD:CVE-2012-4437

ubuntucve1 jvn1 debiancve1 veracode1 prion1 cve1 fedora1 osv1 github1 nessus2 cvelist1 openvas1 securityvulns2 mageia1