Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4892

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4892
Last Modified 11 Sep 2012 12:00:00
Published 10 Sep 2012 06:55:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4892

Summary

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Flatnux 2008-12-11

  • Flatnux 2009-01-27

  • Flatnux 2009-02-04

  • Flatnux 2011-08-09-2

  • Flatnux 2012-03.08


References

XF - flatnux-index-xss(74566)

OSVDB - 80877

SECUNIA - 48656


Last Updated: 27 May 2016 11:00:32