Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4873

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4873
Last Modified 10 Sep 2012 12:00:00
Published 06 Sep 2012 05:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4873

Summary

Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.

Vulnerable Systems

Application

  • Sir Gnuboard 4.34


References

BID - 52622

EXPLOIT-DB - 18627

CONFIRM - http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156

SECUNIA - 48458


Last Updated: 27 May 2016 11:00:30