Pattern Insight

5 matches found

CVE
added 2012/11/18 9:0 p.m., 48 views

CVE-2012-4950

CVE-2012-4950 is a reflected cross-site scripting vulnerability in the Keyword Search page of the Pattern Insight 2.3 web interface. The issue arises because certain characters in error-message construction are not properly escaped, allowing a remote attacker to inject arbitrary script/HTML via a...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02862
CVE
added 2012/11/18 9:0 p.m., 45 views

CVE-2012-4935

CVE-2012-4935: Pattern Insight 2.3 web interface contains a Cross-Site Request Forgery (CSRF) vulnerability that can allow an authenticated user to be coerced into performing actions of the attacker’s choosing. The NVD entry lists a base score of 6.8 (Medium) with network attack vector, no user ...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.00214
CVE
added 2012/11/18 9:0 p.m., 43 views

CVE-2012-4937

CVE-2012-4937 affects Pattern Insight 2.3. The web interface suffers a session-management weakness (session fixation) where a jsession_id cookie can be used to hijack an authenticated session. Impact, as described, includes potential privilege escalation or authentication bypass for an attacker w...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.00927
CVE
added 2012/11/18 9:0 p.m., 40 views

CVE-2012-4938

CVE-2012-4938 affects Pattern Insight 2.3 web interface. The root cause is that HTML is allowed in the banner message, enabling an authenticated administrator to inject arbitrary web script or HTML, i.e., a cross-site scripting (XSS) condition. The issue is contextual: exploitation requires exist...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.01323
CVE
added 2012/11/18 9:0 p.m., 35 views

CVE-2012-4936

CVE-2012-4936 concerns Pattern Insight 2.3, whose web interface is vulnerable to clickjacking via a FRAME element. The CVE description from NVD states that remote attackers can conduct clickjacking against the Pattern Insight web interface, with the effect of framing the application and potential...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.01859