Lucene search

MitreCVE-2012-4270

HistoryAug 13, 2012 - 10:55 p.m.

CVE-2012-4270

2012-08-1322:55:01

CWE-79

mitre

web.nvd.nist.gov

cve

2012

4270

cross-site scripting

xss

vulnerability

efront

remote authenticated users

web script

html

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.

Affected configurations

Nvd

Node

efrontlearningefrontMatch3.6.11

VendorProductVersionCPE
efrontlearningefront3.6.11cpe:2.3:a:efrontlearning:efront:3.6.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
efrontlearning	efront	3.6.11	cpe:2.3:a:efrontlearning:efront:3.6.11:::::::*

References

packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html

www.securityfocus.com/bid/53412

exchange.xforce.ibmcloud.com/vulnerabilities/75442

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Related for CVE-2012-4270