Lucene search

[email protected]NVD:CVE-2012-4873

HistorySep 06, 2012 - 9:55 p.m.

CVE-2012-4873

2012-09-0621:55:02

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.

Affected configurations

Nvd

Node

sirgnuboardRange≤4.34

VendorProductVersionCPE
sirgnuboard*cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sir	gnuboard	*	cpe:2.3:a:sir:gnuboard::::::::

References

secunia.com/advisories/48458

sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156

www.exploit-db.com/exploits/18627

www.securityfocus.com/bid/52622

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

Related for NVD:CVE-2012-4873

exploitdb1 cve1 prion1 cvelist1