Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1188

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1188
Last Modified 26 Sep 2012 12:00:00
Published 25 Sep 2012 08:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1188

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.

Vulnerable Systems

Application

  • Fork-cms Fork Cms 3.2.6


References

MISC - https://www.htbridge.ch/advisory/HTB23075

CONFIRM - https://github.com/forkcms/forkcms/commit/995220182068518e89019a265d113518f6566407

CONFIRM - https://github.com/forkcms/forkcms/commit/1269fe8b3813c7b7d5552a2b88bc2e7bd4d0c1f9

XF - forkcms-index-xss(73605)

BID - 52236

OSVDB - 79692

CONFIRM - http://www.fork-cms.com/blog/detail/fork-cms-3-2-7-released

SECUNIA - 48183

BUGTRAQ - 20120307 Multiple XSS in Fork CMS


Last Updated: 27 May 2016 11:00:48