CVE-2012-0984

2014-09-1114:16:03

CWE-79

mitre

web.nvd.nist.gov

security

cve-2012-0984

xss

xoops

vulnerabilities

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.019

Percentile

88.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.

Affected configurations

Nvd

Node

xoopsxoopsRange≤2.5.4

xoopsxoopsMatch2.5.0

xoopsxoopsMatch2.5.1

xoopsxoopsMatch2.5.2

xoopsxoopsMatch2.5.2rc

xoopsxoopsMatch2.5.3

VendorProductVersionCPE
xoopsxoops*cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*
xoopsxoops2.5.0cpe:2.3:a:xoops:xoops:2.5.0:*:*:*:*:*:*:*
xoopsxoops2.5.1cpe:2.3:a:xoops:xoops:2.5.1:*:*:*:*:*:*:*
xoopsxoops2.5.2cpe:2.3:a:xoops:xoops:2.5.2:*:*:*:*:*:*:*
xoopsxoops2.5.2cpe:2.3:a:xoops:xoops:2.5.2:rc:*:*:*:*:*:*
xoopsxoops2.5.3cpe:2.3:a:xoops:xoops:2.5.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xoops	xoops	*	cpe:2.3:a:xoops:xoops::::::::
xoops	xoops	2.5.0	cpe:2.3:a:xoops:xoops:2.5.0:::::::*
xoops	xoops	2.5.1	cpe:2.3:a:xoops:xoops:2.5.1:::::::*
xoops	xoops	2.5.2	cpe:2.3:a:xoops:xoops:2.5.2:::::::*
xoops	xoops	2.5.2	cpe:2.3:a:xoops:xoops:2.5.2:rc::::::
xoops	xoops	2.5.3	cpe:2.3:a:xoops:xoops:2.5.3:::::::*