Lucene search

[email protected]CVE-2012-2234

HistoryApr 22, 2012 - 3:44 a.m.

CVE-2012-2234

2012-04-2203:44:43

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2234

cross-site scripting

xss

vulnerability

teampass

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.

Affected configurations

NVD

Node

teampassteampassRange≤2.1.5

teampassteampassMatch2.1

teampassteampassMatch2.1.1

teampassteampassMatch2.1.2

teampassteampassMatch2.1.3

teampassteampassMatch2.1.4

CPENameOperatorVersion
teampass:teampassteampassle2.1.5
teampass:teampassteampasseq2.1
teampass:teampassteampasseq2.1.1
teampass:teampassteampasseq2.1.2
teampass:teampassteampasseq2.1.3
teampass:teampassteampasseq2.1.4

CPE	Name	Operator	Version
teampass:teampass	teampass	le	2.1.5
teampass:teampass	teampass	eq	2.1
teampass:teampass	teampass	eq	2.1.1
teampass:teampass	teampass	eq	2.1.2
teampass:teampass	teampass	eq	2.1.3
teampass:teampass	teampass	eq	2.1.4

References

osvdb.org/81197

packetstormsecurity.org/files/111905/

www.securityfocus.com/bid/53038

exchange.xforce.ibmcloud.com/vulnerabilities/74910

github.com/nilsteampassnet/TeamPass/blob/master/readme.txt

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for CVE-2012-2234

packetstorm1 prion1 nvd1 cvelist1