CVE-2012-6430
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
90.0%
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opensolution | quick_cart | 6.0 | cpe:2.3:a:opensolution:quick_cart:6.0:*:*:*:*:*:*:* |
| opensolution | quick_cms | 5.0 | cpe:2.3:a:opensolution:quick_cms:5.0:*:*:*:*:*:*:* |
References
archives.neohapsis.com/archives/bugtraq/2013-01/0035.html
osvdb.org/89119
osvdb.org/89120
packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html
secunia.com/advisories/51769
secunia.com/advisories/51813
exchange.xforce.ibmcloud.com/vulnerabilities/81169
www.htbridge.com/advisory/HTB23135
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
90.0%