Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2012-0829
Last Modified 14 Feb 2012 12:00:00
Published 13 Feb 2012 07:55:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-0829

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.

Vulnerable Systems

Application

  • Mibew Messenger 1.0.10

  • Mibew Messenger 1.0.6

  • Mibew Messenger 1.0.7

  • Mibew Messenger 1.0.8

  • Mibew Messenger 1.0.9

  • Mibew Messenger 1.4.0

  • Mibew Messenger 1.4.1

  • Mibew Messenger 1.4.2

  • Mibew Messenger 1.5.0

  • Mibew Messenger 1.5.1

  • Mibew Messenger 1.5.2

  • Mibew Messenger 1.6.0

  • Mibew Messenger 1.6.1

  • Mibew Messenger 1.6.2

  • Mibew Messenger 1.6.3

  • Mibew Messenger 1.6.4


References

XF - mibew-webinterface-csrf(72822)

BID - 51723

MLIST - [oss-security] 20120202 Re: XSS hiding CSRF (was: Re: Mibew messenger multiple XSS)

MISC - http://www.codseq.it/advisories/mibew_messenger_multiple_xss

SECUNIA - 47787

BUGTRAQ - 20120130 Mibew messenger multiple XSS


Last Updated: 27 May 2016 10:57:26