Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1912
Last Modified: 10 Sep 2012 12:00:00
Published: 09 Sep 2012 05:55:06
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1912

Summary

Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.

Vulnerable Systems

Application

  • Chatelao Php Address Book 1.0

  • Chatelao Php Address Book 1.2

  • Chatelao Php Address Book 2.0

  • Chatelao Php Address Book 2.1

  • Chatelao Php Address Book 2.1.1

  • Chatelao Php Address Book 2.2

  • Chatelao Php Address Book 2.3

  • Chatelao Php Address Book 2.4

  • Chatelao Php Address Book 2.6

  • Chatelao Php Address Book 3.0

  • Chatelao Php Address Book 3.1

  • Chatelao Php Address Book 3.1.1

  • Chatelao Php Address Book 3.1.2

  • Chatelao Php Address Book 3.1.3

  • Chatelao Php Address Book 3.1.4

  • Chatelao Php Address Book 3.1.5

  • Chatelao Php Address Book 3.1.6

  • Chatelao Php Address Book 3.2

  • Chatelao Php Address Book 3.2.1

  • Chatelao Php Address Book 3.2.10

  • Chatelao Php Address Book 3.2.11

  • Chatelao Php Address Book 3.2.12

  • Chatelao Php Address Book 3.2.13

  • Chatelao Php Address Book 3.2.14

  • Chatelao Php Address Book 3.2.2

  • Chatelao Php Address Book 3.2.3

  • Chatelao Php Address Book 3.2.4

  • Chatelao Php Address Book 3.2.5

  • Chatelao Php Address Book 3.2.6

  • Chatelao Php Address Book 3.2.7

  • Chatelao Php Address Book 3.2.8

  • Chatelao Php Address Book 3.2.9

  • Chatelao Php Address Book 3.3

  • Chatelao Php Address Book 3.3.1

  • Chatelao Php Address Book 3.3.10

  • Chatelao Php Address Book 3.3.12

  • Chatelao Php Address Book 3.3.13

  • Chatelao Php Address Book 3.3.14

  • Chatelao Php Address Book 3.3.15

  • Chatelao Php Address Book 3.3.16

  • Chatelao Php Address Book 3.3.17

  • Chatelao Php Address Book 3.3.18

  • Chatelao Php Address Book 3.3.2

  • Chatelao Php Address Book 3.3.3

  • Chatelao Php Address Book 3.3.4

  • Chatelao Php Address Book 3.3.5

  • Chatelao Php Address Book 3.3.6

  • Chatelao Php Address Book 3.3.7

  • Chatelao Php Address Book 3.3.8

  • Chatelao Php Address Book 3.3.9

  • Chatelao Php Address Book 3.4

  • Chatelao Php Address Book 3.4.1

  • Chatelao Php Address Book 3.4.2

  • Chatelao Php Address Book 3.4.3

  • Chatelao Php Address Book 3.4.4

  • Chatelao Php Address Book 3.4.5

  • Chatelao Php Address Book 3.4.6

  • Chatelao Php Address Book 3.4.7

  • Chatelao Php Address Book 3.4.8

  • Chatelao Php Address Book 3.4.9

  • Chatelao Php Address Book 4.0

  • Chatelao Php Address Book 4.0.2

  • Chatelao Php Address Book 4.1.1

  • Chatelao Php Address Book 4.1.3

  • Chatelao Php Address Book 4.1.4

  • Chatelao Php Address Book 5.0

  • Chatelao Php Address Book 5.1

  • Chatelao Php Address Book 5.2

  • Chatelao Php Address Book 5.3

  • Chatelao Php Address Book 5.4

  • Chatelao Php Address Book 5.4.1

  • Chatelao Php Address Book 5.4.2

  • Chatelao Php Address Book 5.4.3

  • Chatelao Php Address Book 5.4.4

  • Chatelao Php Address Book 5.4.5

  • Chatelao Php Address Book 5.4.6

  • Chatelao Php Address Book 5.4.7

  • Chatelao Php Address Book 5.4.9

  • Chatelao Php Address Book 5.5

  • Chatelao Php Address Book 5.6

  • Chatelao Php Address Book 5.7

  • Chatelao Php Address Book 5.7.1

  • Chatelao Php Address Book 5.7.2

  • Chatelao Php Address Book 5.7.3

  • Chatelao Php Address Book 5.7.4

  • Chatelao Php Address Book 5.7.5

  • Chatelao Php Address Book 5.8.1

  • Chatelao Php Address Book 6.0

  • Chatelao Php Address Book 6.1

  • Chatelao Php Address Book 6.1.1

  • Chatelao Php Address Book 6.1.2

  • Chatelao Php Address Book 6.1.3

  • Chatelao Php Address Book 6.1.4

  • Chatelao Php Address Book 6.2

  • Chatelao Php Address Book 6.2.1

  • Chatelao Php Address Book 6.2.10

  • Chatelao Php Address Book 6.2.11

  • Chatelao Php Address Book 6.2.12

  • Chatelao Php Address Book 6.2.2

  • Chatelao Php Address Book 6.2.3

  • Chatelao Php Address Book 6.2.4

  • Chatelao Php Address Book 6.2.5

  • Chatelao Php Address Book 6.2.6

  • Chatelao Php Address Book 6.2.7

  • Chatelao Php Address Book 6.2.9

  • Chatelao Php Address Book 7.0


References

XF - phpaddressbook-multiple-xss(73944)

BID - 53598

BID - 52396

EXPLOIT-DB - 18578

MISC - http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html

MISC - http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt

MISC - http://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=805929

MISC - http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929

MISC - http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929

SECUNIA - 49212

SECUNIA - 42781


Last Updated: 27 May 2016 11:00:32