Lucene search

MitreCVE-2012-5321

HistoryOct 08, 2012 - 6:55 p.m.

CVE-2012-5321

2012-10-0818:55:01

CWE-20

mitre

web.nvd.nist.gov

cve

2012

5321

tikiwiki

cms

groupware

frame injection

vulnerability

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.013

Percentile

86.2%

JSON

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka “frame injection.”

Affected configurations

Nvd

Node

tikitikiwiki_cms\/groupwareMatch8.3

VendorProductVersionCPE
tikitikiwiki_cms\/groupware8.3cpe:2.3:a:tiki:tikiwiki_cms\/groupware:8.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tiki	tikiwiki_cms\/groupware	8.3	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:8.3:::::::*

References

osvdb.org/79409

secunia.com/advisories/48102

st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html

www.securityfocus.com/bid/52079

www.securitytracker.com/id?1026708

exchange.xforce.ibmcloud.com/vulnerabilities/73403

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.013

Percentile

86.2%

JSON

Related for CVE-2012-5321