CVE-2013-1466

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html
http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html
http://secunia.com/advisories/52255	Vendor Advisory
http://www.exploit-db.com/exploits/24536
http://www.glfusion.org/article.php/glf122_update_20130130_01	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82211
https://www.htbridge.com/advisory/HTB23142

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:glfusion:glfusion::::::::
	cpe:2.3:a:glfusion:glfusion:1.0.0:::::::*
	cpe:2.3:a:glfusion:glfusion:1.0.0:rc1::::::
	cpe:2.3:a:glfusion:glfusion:1.0.0:rc2::::::
	cpe:2.3:a:glfusion:glfusion:1.0.1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.0.2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.0:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.0:rc1::::::
	cpe:2.3:a:glfusion:glfusion:1.1.1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.3:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.4:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.4.pl1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.4.pl2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.4.pl3:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.4.pl4:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.5:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.5.pl1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.5.pl2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.5.pl3:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.6:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.6.pl1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.6.pl2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.6.pl3:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.6.pl4:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.7:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.8:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.8.pl1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.8.pl2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.8.pl3:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.8.pl4:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.8.pl5:::::::*
	cpe:2.3:a:glfusion:glfusion:1.1.8.pl6:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0.pl1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0.pl2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0.pl3:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0.pl4:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0.pl5:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0.pl6:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.0.pl7:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.2:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.2.pl1:::::::*
	cpe:2.3:a:glfusion:glfusion:1.2.2.pl2:::::::*

History

No history.

Information

Published : 2014-02-05 15:10

Updated : 2017-08-29 01:33

NVD link : CVE-2013-1466

Mitre link : CVE-2013-1466

CVE.ORG link : CVE-2013-1466

JSON object : View

Products Affected

glfusion

glfusion

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-1466", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-02-05T15:10:01.550", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/52255", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/24536", "source": "cve@mitre.org"}, {"url": "http://www.glfusion.org/article.php/glf122_update_20130130_01", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211", "source": "cve@mitre.org"}, {"url": "https://www.htbridge.com/advisory/HTB23142", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en glFusion anterior a 1.2.2.pl4 permite a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s de (1) par\u00e1metros sujetos a profiles.php; par\u00e1metros (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, o (9) zipcode hacia calendar/index.php; par\u00e1metros (10) title o (11) url hacia links/index.php; o (12) PATH_INFO hacia admin/plugins/mediagallery/xppubwiz.php/."}], "lastModified": "2017-08-29T01:33:09.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:glfusion:glfusion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD92F979-758E-48EB-B6D7-F838531F7E16", "versionEndIncluding": "1.2.2.pl3"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "798B4747-978F-46D2-8EF1-76D8BC0872F2"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3D0B5AC-35D8-4900-B2F8-95D661E880CF"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FE6694E-7ED1-45F4-94D7-D5CD9AA6D801"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D711131E-314B-4BBE-9E6F-973C154694B4"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0A24202-EB12-4428-A327-97504EB460B6"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D80EE971-44CA-478F-88CB-A13CBDD628CF"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51D13EE5-3B44-4AB3-86CD-01E9488DFBF4"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6941B9D9-5EA0-4954-89E8-350B4EE8E35A"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "028947C2-71A3-4FBF-BBCD-BA7CF0098E96"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E7BB830-42C3-4A2A-AF2B-283669BE5A3F"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D786A2AB-45C0-49B5-9F0D-97FCCC57BF06"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76A78CD4-81C7-43D0-AF55-70D6764CB28B"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "549C3BC2-63D2-42FA-8984-EB128307207E"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19B08E87-DCB7-4C2C-BDF8-668662B6EE58"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F545F2-284A-4408-B14B-B1465E176EBB"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32A9987A-0F8E-4C39-8E97-ED3AD9406DD1"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FE0FE37-5B63-4223-96C6-29BE6E4E2A38"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C1674FB-3745-4BF7-B5F3-31A4CB215FA7"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BB7FC4C-DB19-4481-85F5-BC5D5350F763"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06C07C1-B8E4-4D97-8FD3-17F2B06F2D4F"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9593FFEB-AD09-41EC-950D-5031C7C0AD5B"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD289399-93D2-4CA9-8F47-9CE988C01EF6"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6529D3F-8BF1-4786-8A2A-EEA5333EF6BA"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB63EE52-AC26-4EEF-B1A9-7646B775A047"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6EA0CD3-E34F-49B0-BE66-C1E8FBAE3BA2"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "082CF717-6FA4-4D22-9B76-AF5B93D8560D"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "121594F2-E714-4E49-AAF4-7514F1B87646"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7841881-DAE5-46A1-AFC5-5FD39F562BEA"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90AB990C-8001-4806-A738-4A64590C6C56"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA21F45F-6E49-4318-99BE-DFB1558B8B4D"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "059CD172-ADE1-4FCB-8D84-298BA42619A7"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F870B42-E57D-4F60-A23E-06F047BCB4B1"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "690C9C93-BB9F-47A5-9A35-B74A6880EAA6"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9249610A-71BB-48A2-BCCD-C1E29F3AD0B3"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "746D9173-90F4-4E82-B6D3-7C21A87FE2FC"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD719B97-ED18-40A9-A3A5-81078F262F8B"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAAE38F5-BB94-442D-8705-DE4E90F9157F"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87ED44C1-8CEE-4B19-90D2-0DE6C84C5CB0"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9032E4DB-C006-4518-89C0-3A2308E1E377"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8614BDE0-BF9C-4E76-B2B2-76816D615697"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "149A1A90-65A5-4BF1-A2A6-C5915E0A834B"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2.pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA5F3981-D478-4D94-8925-C3E7C97F25BF"}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2.pl2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C85324AE-C3BE-4864-8212-E2823AFA6E2F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10