Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3830

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3830
Last Modified 13 Aug 2012 11:38:51
Published 03 Jul 2012 06:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3830

Summary

Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.

Vulnerable Systems

Application

  • Milesj Decoda 2.2

  • Milesj Decoda 2.3

  • Milesj Decoda 2.4

  • Milesj Decoda 2.5

  • Milesj Decoda 2.6

  • Milesj Decoda 2.7

  • Milesj Decoda 2.8

  • Milesj Decoda 2.9

  • Milesj Decoda 3.0

  • Milesj Decoda 3.1

  • Milesj Decoda 3.2

  • Milesj Decoda 3.3

  • Milesj Decoda 3.3.1


References

CONFIRM - https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9

CONFIRM - https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83

BID - 53332

MISC - http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags

SECUNIA - 48931

XF - decoda-decoda-xss(75333)

OSVDB - 81637


Last Updated: 27 May 2016 10:57:33