CVE-2012-4267

Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/49148	Vendor Advisory
http://smwyg.com/blog/#sockso-persistant-xss-attack	Exploit URL Repurposed
http://www.exploit-db.com/exploits/18868	Exploit
https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136	Exploit Patch
https://github.com/rodnaph/sockso/issues/93
https://github.com/rodnaph/sockso/pull/99/files	Exploit Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pu-gh:sockso::::::::
	cpe:2.3:a:pu-gh:sockso:1.1:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.1:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.2:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.3:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.4:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.5:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.6:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.7:::::::*
	cpe:2.3:a:pu-gh:sockso:1.1.8:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2.1:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2.2:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2.3:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2.4:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2.5:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2.6:::::::*
	cpe:2.3:a:pu-gh:sockso:1.2.7:::::::*
	cpe:2.3:a:pu-gh:sockso:1.3:::::::*
	cpe:2.3:a:pu-gh:sockso:1.3.1:::::::*
	cpe:2.3:a:pu-gh:sockso:1.3.2:::::::*
	cpe:2.3:a:pu-gh:sockso:1.3.3:::::::*
	cpe:2.3:a:pu-gh:sockso:1.3.4:::::::*
	cpe:2.3:a:pu-gh:sockso:1.3.5:::::::*
	cpe:2.3:a:pu-gh:sockso:1.4:::::::*
	cpe:2.3:a:pu-gh:sockso:1.4.1:::::::*
	cpe:2.3:a:pu-gh:sockso:1.4.2:::::::*

History

No history.

Information

Published : 2012-08-13 22:55

Updated : 2024-02-14 01:17

NVD link : CVE-2012-4267

Mitre link : CVE-2012-4267

CVE.ORG link : CVE-2012-4267

JSON object : View

Products Affected

pu-gh

sockso

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2012-4267", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-08-13T22:55:01.240", "references": [{"url": "http://secunia.com/advisories/49148", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://smwyg.com/blog/#sockso-persistant-xss-attack", "tags": ["Exploit", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/18868", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/rodnaph/sockso/issues/93", "source": "cve@mitre.org"}, {"url": "https://github.com/rodnaph/sockso/pull/99/files", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en user/register en Sockso v1.5 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro name.\r\n"}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pu-gh:sockso:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC8B07BE-48DB-4B31-AC72-11D2110D9511", "versionEndIncluding": "1.5"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0057C683-975A-4FEF-A4F7-8542D8C00C44"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3FE34CB-940F-4151-948F-DCDF4C323C6B"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CF94E42-470C-4913-8999-8B0C5BE80ACD"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A2EE0A1-2985-4F94-893D-049C432EFD0F"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48837FB7-2340-4C4B-953C-073006EB8EE6"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9145C81A-7BBB-430F-8750-F186AF0E06E8"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12D1180C-C485-4BCF-BB09-D190BD4BE214"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5D91033-C64D-4A08-B873-93C32ED61C19"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76963120-C187-4B0D-B354-E25AF0713EFB"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2353AC56-56EB-4146-B725-14AF107A0832"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F91289F-2C58-4ACC-AA2D-4848E42C3E94"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7CC56A4-CD83-4E6B-8B99-4C5553075C53"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6018A9BD-B64D-4954-B93C-3514000794AA"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C0B2B45-C28F-424B-B562-437CE6DDDFCA"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B40BCB5-AFE1-479B-89C5-2282117D4AF2"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33B1F055-7664-48B2-B581-BF84A33D0C2D"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC4E7D45-2D10-474A-B2B3-3066AF1A11CA"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7DC3A1-5339-45C5-B8A4-0458FAB4B9B1"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FB26E7-0712-4513-AF61-1ACFADA6FCB0"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8055EF8A-B92A-4676-A382-D3567FC3FC3C"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87D53EE8-F75D-4954-920E-73D5CA0722E8"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AF41FA0-DC88-4416-BE14-ABE4EB5D1497"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91C54106-BB0F-45AB-BA2D-7D7278A8B893"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C344BA-4CAD-4CA4-9DDB-0C6DFD97C5E1"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56F0065D-BA9A-498B-BDEE-8CE89F575E38"}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEDEF3E8-A155-4C60-BA66-77BF6AA5A2F2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}