Lucene search

MitreCVE-2012-3836

HistoryJul 03, 2012 - 10:55 p.m.

CVE-2012-3836

2012-07-0322:55:02

CWE-79

mitre

web.nvd.nist.gov

cve-2012-3836

cross-site scripting

xss

baby gekko

web script injection

html injection

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.

Affected configurations

Nvd

Node

babygekkobaby_gekkoRange≤1.1.5

babygekkobaby_gekkoMatch0.90

babygekkobaby_gekkoMatch0.91

babygekkobaby_gekkoMatch0.98alpha

babygekkobaby_gekkoMatch0.99beta

babygekkobaby_gekkoMatch1.0.0

babygekkobaby_gekkoMatch1.0.1

babygekkobaby_gekkoMatch1.1.0

babygekkobaby_gekkoMatch1.1.1

babygekkobaby_gekkoMatch1.1.2

babygekkobaby_gekkoMatch1.1.3

babygekkobaby_gekkoMatch1.1.4

VendorProductVersionCPE
babygekkobaby_gekko*cpe:2.3:a:babygekko:baby_gekko:*:*:*:*:*:*:*:*
babygekkobaby_gekko0.90cpe:2.3:a:babygekko:baby_gekko:0.90:*:*:*:*:*:*:*
babygekkobaby_gekko0.91cpe:2.3:a:babygekko:baby_gekko:0.91:*:*:*:*:*:*:*
babygekkobaby_gekko0.98cpe:2.3:a:babygekko:baby_gekko:0.98:alpha:*:*:*:*:*:*
babygekkobaby_gekko0.99cpe:2.3:a:babygekko:baby_gekko:0.99:beta:*:*:*:*:*:*
babygekkobaby_gekko1.0.0cpe:2.3:a:babygekko:baby_gekko:1.0.0:*:*:*:*:*:*:*
babygekkobaby_gekko1.0.1cpe:2.3:a:babygekko:baby_gekko:1.0.1:*:*:*:*:*:*:*
babygekkobaby_gekko1.1.0cpe:2.3:a:babygekko:baby_gekko:1.1.0:*:*:*:*:*:*:*
babygekkobaby_gekko1.1.1cpe:2.3:a:babygekko:baby_gekko:1.1.1:*:*:*:*:*:*:*
babygekkobaby_gekko1.1.2cpe:2.3:a:babygekko:baby_gekko:1.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
babygekko	baby_gekko	*	cpe:2.3:a:babygekko:baby_gekko::::::::
babygekko	baby_gekko	0.90	cpe:2.3:a:babygekko:baby_gekko:0.90:::::::*
babygekko	baby_gekko	0.91	cpe:2.3:a:babygekko:baby_gekko:0.91:::::::*
babygekko	baby_gekko	0.98	cpe:2.3:a:babygekko:baby_gekko:0.98:alpha::::::
babygekko	baby_gekko	0.99	cpe:2.3:a:babygekko:baby_gekko:0.99:beta::::::
babygekko	baby_gekko	1.0.0	cpe:2.3:a:babygekko:baby_gekko:1.0.0:::::::*
babygekko	baby_gekko	1.0.1	cpe:2.3:a:babygekko:baby_gekko:1.0.1:::::::*
babygekko	baby_gekko	1.1.0	cpe:2.3:a:babygekko:baby_gekko:1.1.0:::::::*
babygekko	baby_gekko	1.1.1	cpe:2.3:a:babygekko:baby_gekko:1.1.1:::::::*
babygekko	baby_gekko	1.1.2	cpe:2.3:a:babygekko:baby_gekko:1.1.2:::::::*

Rows per page:

1-10 of 121

References

secunia.com/advisories/49023

www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html

www.exploit-db.com/exploits/18827

www.securityfocus.com/bid/53366

www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Related for CVE-2012-3836