Lucene search

MitreCVE-2012-6564

HistoryJun 17, 2013 - 11:38 a.m.

CVE-2012-6564

2013-06-1711:38:48

CWE-79

mitre

web.nvd.nist.gov

cve-2012-6564

xss

vulnerability

redcap

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

vanderbiltredcapRange≤4.14.4

vanderbiltredcapMatch4.14.0

vanderbiltredcapMatch4.14.1

vanderbiltredcapMatch4.14.2

vanderbiltredcapMatch4.14.3

VendorProductVersionCPE
vanderbiltredcap*cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*
vanderbiltredcap4.14.0cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*
vanderbiltredcap4.14.1cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*
vanderbiltredcap4.14.2cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*
vanderbiltredcap4.14.3cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vanderbilt	redcap	*	cpe:2.3:a:vanderbilt:redcap::::::::
vanderbilt	redcap	4.14.0	cpe:2.3:a:vanderbilt:redcap:4.14.0:::::::*
vanderbilt	redcap	4.14.1	cpe:2.3:a:vanderbilt:redcap:4.14.1:::::::*
vanderbilt	redcap	4.14.2	cpe:2.3:a:vanderbilt:redcap:4.14.2:::::::*
vanderbilt	redcap	4.14.3	cpe:2.3:a:vanderbilt:redcap:4.14.3:::::::*

References

ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

Related for CVE-2012-6564