Lucene search

[email protected]NVD:CVE-2012-4890

HistorySep 10, 2012 - 10:55 p.m.

CVE-2012-4890

2012-09-1022:55:07

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.

Affected configurations

NVD

Node

flatnuxflatnuxRange≤2011-08-09-2

flatnuxflatnuxMatch2008-12-11

flatnuxflatnuxMatch2009-01-27

flatnuxflatnuxMatch2009-02-04

References

packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

secunia.com/advisories/48656

secunia.com/advisories/48676

www.osvdb.org/80877

www.securityfocus.com/bid/52846

www.vulnerability-lab.com/get_content.php?id=487

exchange.xforce.ibmcloud.com/vulnerabilities/74566

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for NVD:CVE-2012-4890

prion2 cve2 cvelist2 nvd1