Lucene search

PRIOn knowledge basePRION:CVE-2012-1004

HistoryFeb 08, 2012 - 4:11 a.m.

Cross site scripting

2012-02-0804:11:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
foswikieq1.1.2
foswikieq1.1.4
foswikieq1.1.4 beta
foswikieq1.1.1
foswikieq1.1.4 rc
foswikieq1.1.0
foswikieq1.1.3

Name	Operator	Version
foswiki	eq	1.1.2
foswiki	eq	1.1.4
foswiki	eq	1.1.4 beta
foswiki	eq	1.1.1
foswiki	eq	1.1.4 rc
foswiki	eq	1.1.0
foswiki	eq	1.1.3

References

foswiki.org/Support/SecurityAlert-CVE-2012-1004

foswiki.org/Tasks/Item11498

foswiki.org/Tasks/Item11501

secunia.com/advisories/47849

st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html