Ubuntu.comUB:CVE-2012-4667CVE-2012-4667
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.6%
Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x
before 5.8 allow remote attackers to inject arbitrary web script or HTML
via the (1) url, (2) virus, (3) source, or (4) user parameter to (a)
clwarn.cgi, (b) clwarn.cgi.de_DE, © clwarn.cgi.en_EN, (d)
clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in
cgi-bin/.
Bugs
References
freecode.com/projects/squidclamav/releases/346722
squidclamav.darold.net/news.html
www.openwall.com/lists/oss-security/2012/08/16/2
www.openwall.com/lists/oss-security/2012/08/16/4
launchpad.net/bugs/cve/CVE-2012-4667
nvd.nist.gov/vuln/detail/CVE-2012-4667
security-tracker.debian.org/tracker/CVE-2012-4667
www.cve.org/CVERecord?id=CVE-2012-4667
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.6%