Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1410
Last Modified: 29 Feb 2012 12:00:00
Published: 29 Feb 2012 06:55:05
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1410

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.

Vulnerable Systems

Application

  • Kadu 0.10.0

  • Kadu 0.11.0

  • Kadu 0.9.0


References

CONFIRM - https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52

CONFIRM - https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84

CONFIRM - https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0

CONFIRM - https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=797777

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=749036

MLIST - [oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history

MLIST - [oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history


Last Updated: 27 May 2016 10:58:19