Lucene search
HistoryApr 17, 2012 - 6:55 p.m.
CVE-2012-1979
cve-2012-1979
xss vulnerability
syndeocms 3.0.01
security vulnerability
nvd
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
Affected configurations
Node
syndeocmssyndeocmsRange≤3.0.01
ORsyndeocmssyndeocmsMatch2.4
ORsyndeocmssyndeocmsMatch2.4.10
ORsyndeocmssyndeocmsMatch2.5.00
ORsyndeocmssyndeocmsMatch2.5.01
ORsyndeocmssyndeocmsMatch2.6.00
ORsyndeocmssyndeocmsMatch2.7.00
ORsyndeocmssyndeocmsMatch2.8.00
ORsyndeocmssyndeocmsMatch2.8.1
ORsyndeocmssyndeocmsMatch2.8.02
ORsyndeocmssyndeocmsMatch2.9.00
ORsyndeocmssyndeocmsMatch3.0.00
References
Related
cvelist
cvelist
CVE-2012-1979
2012-04-17 18:00:00
seebug
seebug
SyndeoCMS <= 3.0.01 Persistent XSS
2014-07-01 00:00:00
packetstorm
packetstorm
SyndeoCMS 3.0.01 Cross Site Scripting
2012-03-30 00:00:00
exploitpack
exploitpack
SyndeoCMS 3.0.01 - Persistent Cross-Site Scripting
2012-03-30 00:00:00
nvd
nvd
CVE-2012-1979
2012-04-17 18:55:01
prion
prion
Cross site scripting
2012-04-17 18:55:00
exploitdb
exploitdb
SyndeoCMS 3.0.01 - Persistent Cross-Site Scripting
2012-03-30 00:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%
Related for CVE-2012-1979