Lucene search

RedhatCVE-2012-2099

HistoryJan 24, 2013 - 1:55 a.m.

CVE-2012-2099

2013-01-2401:55:02

CWE-79

redhat

web.nvd.nist.gov

cve-2012-2099

cross-site scripting

xss vulnerabilities

wikidforum 2.10

remote attackers

web script

html

advanced search

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.028

Percentile

90.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.

Affected configurations

Nvd

Node

wikidforumwikidforumMatch2.10

VendorProductVersionCPE
wikidforumwikidforum2.10cpe:2.3:a:wikidforum:wikidforum:2.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wikidforum	wikidforum	2.10	cpe:2.3:a:wikidforum:wikidforum:2.10:::::::*

References

archives.neohapsis.com/archives/bugtraq/2012-03/0046.html

www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt

www.openwall.com/lists/oss-security/2012/04/12/12

www.openwall.com/lists/oss-security/2012/04/12/5

www.osvdb.org/80838

www.osvdb.org/80839

www.securityfocus.com/bid/52425

www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html

exchange.xforce.ibmcloud.com/vulnerabilities/73985

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.028

Percentile

90.7%

JSON

Related for CVE-2012-2099