CVE-2012-1575

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2012-0476.html
http://rhn.redhat.com/errata/RHSA-2012-0477.html
http://secunia.com/advisories/48810
http://secunia.com/advisories/48829
http://www.securityfocus.com/bid/53000
http://www.securitytracker.com/id?1026921
https://bugzilla.redhat.com/attachment.cgi?id=571986
https://bugzilla.redhat.com/show_bug.cgi?id=805712
https://exchange.xforce.ibmcloud.com/vulnerabilities/74844
https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-04-22 18:55

Updated : 2023-02-13 04:33

NVD link : CVE-2012-1575

Mitre link : CVE-2012-1575

CVE.ORG link : CVE-2012-1575

JSON object : View

Products Affected

trevor_mckay

cumin

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2012-1575", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-04-22T18:55:04.560", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2012-0476.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0477.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/48810", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/48829", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/53000", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1026921", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/attachment.cgi?id=571986", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805712", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844", "source": "secalert@redhat.com"}, {"url": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cumin antes de r5238, permite a atacantes remotos inyectar secuencias de comandos web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores que incluyen (1) widgets o (2) pages."}], "lastModified": "2023-02-13T04:33:12.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "891815E0-7EDB-4D28-92BB-FAD4D3D7CB83", "versionEndIncluding": "r5237"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

4.3 /10