Lucene search

[email protected]NVD:CVE-2012-4267

HistoryAug 13, 2012 - 10:55 p.m.

CVE-2012-4267

2012-08-1322:55:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.005

Percentile

77.4%

JSON

Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Affected configurations

Nvd

Node

pu-ghsocksoRange≤1.5

pu-ghsocksoMatch1.1

pu-ghsocksoMatch1.1.1

pu-ghsocksoMatch1.1.2

pu-ghsocksoMatch1.1.3

pu-ghsocksoMatch1.1.4

pu-ghsocksoMatch1.1.5

pu-ghsocksoMatch1.1.6

pu-ghsocksoMatch1.1.7

pu-ghsocksoMatch1.1.8

pu-ghsocksoMatch1.2

pu-ghsocksoMatch1.2.1

pu-ghsocksoMatch1.2.2

pu-ghsocksoMatch1.2.3

pu-ghsocksoMatch1.2.4

pu-ghsocksoMatch1.2.5

pu-ghsocksoMatch1.2.6

pu-ghsocksoMatch1.2.7

pu-ghsocksoMatch1.3

pu-ghsocksoMatch1.3.1

pu-ghsocksoMatch1.3.2

pu-ghsocksoMatch1.3.3

pu-ghsocksoMatch1.3.4

pu-ghsocksoMatch1.3.5

pu-ghsocksoMatch1.4

pu-ghsocksoMatch1.4.1

pu-ghsocksoMatch1.4.2

VendorProductVersionCPE
pu-ghsockso*cpe:2.3:a:pu-gh:sockso:*:*:*:*:*:*:*:*
pu-ghsockso1.1cpe:2.3:a:pu-gh:sockso:1.1:*:*:*:*:*:*:*
pu-ghsockso1.1.1cpe:2.3:a:pu-gh:sockso:1.1.1:*:*:*:*:*:*:*
pu-ghsockso1.1.2cpe:2.3:a:pu-gh:sockso:1.1.2:*:*:*:*:*:*:*
pu-ghsockso1.1.3cpe:2.3:a:pu-gh:sockso:1.1.3:*:*:*:*:*:*:*
pu-ghsockso1.1.4cpe:2.3:a:pu-gh:sockso:1.1.4:*:*:*:*:*:*:*
pu-ghsockso1.1.5cpe:2.3:a:pu-gh:sockso:1.1.5:*:*:*:*:*:*:*
pu-ghsockso1.1.6cpe:2.3:a:pu-gh:sockso:1.1.6:*:*:*:*:*:*:*
pu-ghsockso1.1.7cpe:2.3:a:pu-gh:sockso:1.1.7:*:*:*:*:*:*:*
pu-ghsockso1.1.8cpe:2.3:a:pu-gh:sockso:1.1.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pu-gh	sockso	*	cpe:2.3:a:pu-gh:sockso::::::::
pu-gh	sockso	1.1	cpe:2.3:a:pu-gh:sockso:1.1:::::::*
pu-gh	sockso	1.1.1	cpe:2.3:a:pu-gh:sockso:1.1.1:::::::*
pu-gh	sockso	1.1.2	cpe:2.3:a:pu-gh:sockso:1.1.2:::::::*
pu-gh	sockso	1.1.3	cpe:2.3:a:pu-gh:sockso:1.1.3:::::::*
pu-gh	sockso	1.1.4	cpe:2.3:a:pu-gh:sockso:1.1.4:::::::*
pu-gh	sockso	1.1.5	cpe:2.3:a:pu-gh:sockso:1.1.5:::::::*
pu-gh	sockso	1.1.6	cpe:2.3:a:pu-gh:sockso:1.1.6:::::::*
pu-gh	sockso	1.1.7	cpe:2.3:a:pu-gh:sockso:1.1.7:::::::*
pu-gh	sockso	1.1.8	cpe:2.3:a:pu-gh:sockso:1.1.8:::::::*

Rows per page:

1-10 of 271

References

secunia.com/advisories/49148

smwyg.com/blog/#sockso-persistant-xss-attack

www.exploit-db.com/exploits/18868

github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136

github.com/rodnaph/sockso/issues/93

github.com/rodnaph/sockso/pull/99/files

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.005

Percentile

77.4%

JSON

Related for NVD:CVE-2012-4267

cve1 openvas1 exploitdb1 cvelist1 prion1