Lucene search

JpcertCVE-2012-5181

HistoryDec 21, 2012 - 9:55 p.m.

CVE-2012-5181

2012-12-2121:55:01

CWE-79

jpcert

web.nvd.nist.gov

cve

2012

5181

cross-site scripting

xss

vulnerability

concrete5

japanese

english

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

concrete5concrete5Match5.5.0en

concrete5concrete5Match5.5.1en

concrete5concrete5Match5.5.1ja

concrete5concrete5Match5.5.2en

concrete5concrete5Match5.5.2ja

concrete5concrete5Match5.5.2.1en

concrete5concrete5Match5.5.2.1ja

concrete5concrete5Match5.6.0en

concrete5concrete5Match5.6.0.1en

concrete5concrete5Match5.6.0.2en

VendorProductVersionCPE
concrete5concrete55.5.0cpe:2.3:a:concrete5:concrete5:5.5.0:*:*:en:*:*:*:*
concrete5concrete55.5.1cpe:2.3:a:concrete5:concrete5:5.5.1:*:*:en:*:*:*:*
concrete5concrete55.5.1cpe:2.3:a:concrete5:concrete5:5.5.1:*:*:ja:*:*:*:*
concrete5concrete55.5.2cpe:2.3:a:concrete5:concrete5:5.5.2:*:*:en:*:*:*:*
concrete5concrete55.5.2cpe:2.3:a:concrete5:concrete5:5.5.2:*:*:ja:*:*:*:*
concrete5concrete55.5.2.1cpe:2.3:a:concrete5:concrete5:5.5.2.1:*:*:en:*:*:*:*
concrete5concrete55.5.2.1cpe:2.3:a:concrete5:concrete5:5.5.2.1:*:*:ja:*:*:*:*
concrete5concrete55.6.0cpe:2.3:a:concrete5:concrete5:5.6.0:*:*:en:*:*:*:*
concrete5concrete55.6.0.1cpe:2.3:a:concrete5:concrete5:5.6.0.1:*:*:en:*:*:*:*
concrete5concrete55.6.0.2cpe:2.3:a:concrete5:concrete5:5.6.0.2:*:*:en:*:*:*:*

Vendor	Product	Version	CPE
concrete5	concrete5	5.5.0	cpe:2.3:a:concrete5:concrete5:5.5.0:::en::::
concrete5	concrete5	5.5.1	cpe:2.3:a:concrete5:concrete5:5.5.1:::en::::
concrete5	concrete5	5.5.1	cpe:2.3:a:concrete5:concrete5:5.5.1:::ja::::
concrete5	concrete5	5.5.2	cpe:2.3:a:concrete5:concrete5:5.5.2:::en::::
concrete5	concrete5	5.5.2	cpe:2.3:a:concrete5:concrete5:5.5.2:::ja::::
concrete5	concrete5	5.5.2.1	cpe:2.3:a:concrete5:concrete5:5.5.2.1:::en::::
concrete5	concrete5	5.5.2.1	cpe:2.3:a:concrete5:concrete5:5.5.2.1:::ja::::
concrete5	concrete5	5.6.0	cpe:2.3:a:concrete5:concrete5:5.6.0:::en::::
concrete5	concrete5	5.6.0.1	cpe:2.3:a:concrete5:concrete5:5.6.0.1:::en::::
concrete5	concrete5	5.6.0.2	cpe:2.3:a:concrete5:concrete5:5.6.0.2:::en::::

References

concrete5-japan.org/news/concrete5602ja-release/

jvn.jp/en/jp/JVN65458431/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-000113

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

Related for CVE-2012-5181