Vulnerability CVE-2012-1004


Published: 2012-02-07   Modified: 2012-02-13

Description:
Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.

CVSS2 => (AV:N/AC:H/Au:S/C:N/I:P/A:N)

CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Single time

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
Foswiki -> Foswiki 

References:
http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html
http://secunia.com/advisories/47849
http://foswiki.org/Tasks/Item11501
http://foswiki.org/Tasks/Item11498
http://foswiki.org/Support/SecurityAlert-CVE-2012-1004

Copyright 2020, cxsecurity.com
