CVE-2012-6133

Опубликовано: 30 янв. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.

Ссылки

http://issues.roundup-tracker.org/issue2550724
Issue Tracking
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/10/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/02/13/8
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=722672
Issue Tracking
Third Party Advisory
https://pypi.python.org/pypi/roundup/1.4.20
Exploit
Third Party Advisory
http://issues.roundup-tracker.org/issue2550724
Issue Tracking
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/10/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/02/13/8
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=722672
Issue Tracking
Third Party Advisory
https://pypi.python.org/pypi/roundup/1.4.20
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*

Версия до 1.4.20 (исключая)

EPSS

Процентиль: 64%

0.00479

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2012-6133

CVSS3: 6.1

ubuntu

около 6 лет назад

CVE-2012-6133

CVSS3: 6.1

debian

около 6 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Roundup before ...

GHSA-5jq3-8437-x35p

CVSS3: 6.1

github

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in Roundup

EPSS

Процентиль: 64%

0.00479

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79