Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5295

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5295
Last Modified 05 Oct 2012 12:00:00
Published 04 Oct 2012 01:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5295

Summary

Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.

Vulnerable Systems

Application

  • Fusetalk 3.0

  • Fusetalk 3.1

  • Fusetalk 3.2

  • Fusetalk. Fusetalk 2.0


References

XF - fusetalk-logincfm-xss(72083)

SECTRACK - 1026483

BID - 51227

MISC - http://st2tea.blogspot.com/2012/01/fusetalk-forums-v32-cross-site.html

SECUNIA - 40850


Last Updated: 27 May 2016 11:00:52