CVE-2012-0790

EUVD-2012-0821
Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
oetikersmokeping
𝑥
≤ 2.6.6
oetikersmokeping
0.99.5
oetikersmokeping
0.99.6
oetikersmokeping
0.99.7
oetikersmokeping
0.99.8
oetikersmokeping
0.99.9
oetikersmokeping
0.99.10
oetikersmokeping
0.99.11
oetikersmokeping
0.99.12
oetikersmokeping
0.99.13
oetikersmokeping
0.99.14
oetikersmokeping
0.99.15
oetikersmokeping
0.99.16
oetikersmokeping
0.99.17
oetikersmokeping
0.99.18
oetikersmokeping
1.0
oetikersmokeping
1.1
oetikersmokeping
1.2
oetikersmokeping
1.3
oetikersmokeping
1.4
oetikersmokeping
1.5
oetikersmokeping
1.6
oetikersmokeping
1.7
oetikersmokeping
1.8
oetikersmokeping
1.9
oetikersmokeping
1.10
oetikersmokeping
1.11
oetikersmokeping
1.12
oetikersmokeping
1.13
oetikersmokeping
1.14
oetikersmokeping
1.15
oetikersmokeping
1.16
oetikersmokeping
1.17
oetikersmokeping
1.18
oetikersmokeping
1.19
oetikersmokeping
1.20
oetikersmokeping
1.21
oetikersmokeping
1.22
oetikersmokeping
1.23
oetikersmokeping
1.24
oetikersmokeping
1.25
oetikersmokeping
1.26
oetikersmokeping
1.27
oetikersmokeping
1.28
oetikersmokeping
1.29
oetikersmokeping
1.30
oetikersmokeping
1.31
oetikersmokeping
1.34
oetikersmokeping
1.36
oetikersmokeping
1.37
oetikersmokeping
1.38
oetikersmokeping
2.0:rc1
oetikersmokeping
2.0:rc2
oetikersmokeping
2.0:rc3
oetikersmokeping
2.0.0
oetikersmokeping
2.0.1
oetikersmokeping
2.0.2
oetikersmokeping
2.0.3
oetikersmokeping
2.0.4
oetikersmokeping
2.0.5
oetikersmokeping
2.0.6
oetikersmokeping
2.0.7
oetikersmokeping
2.0.8
oetikersmokeping
2.0.9
oetikersmokeping
2.1.0
oetikersmokeping
2.1.1
oetikersmokeping
2.2.0
oetikersmokeping
2.2.1
oetikersmokeping
2.2.2
oetikersmokeping
2.2.3
oetikersmokeping
2.2.4
oetikersmokeping
2.2.5
oetikersmokeping
2.2.6
oetikersmokeping
2.2.7
oetikersmokeping
2.3.0
oetikersmokeping
2.3.1
oetikersmokeping
2.3.2
oetikersmokeping
2.3.3
oetikersmokeping
2.3.4
oetikersmokeping
2.3.5
oetikersmokeping
2.3.6
oetikersmokeping
2.4.0
oetikersmokeping
2.4.1
oetikersmokeping
2.4.2
oetikersmokeping
2.5.0
oetikersmokeping
2.5.1
oetikersmokeping
2.6.0
oetikersmokeping
2.6.1
oetikersmokeping
2.6.2
oetikersmokeping
2.6.3
oetikersmokeping
2.6.4
oetikersmokeping
2.6.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
smokeping
bookworm
2.7.3-4.1
fixed
bullseye
2.7.3-3
fixed
sid
2.8.2+ds-1
fixed
trixie
2.8.2+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
smokeping
hardy
ignored
lucid
Fixed 2.3.6-5+squeeze1build0.10.04.1
released
maverick
ignored
natty
ignored
oneiric
Fixed 2.3.6-5+squeeze1build0.11.10.1
released
precise
not-affected
quantal
not-affected
Common Weakness Enumeration
References
http://holisticinfosec.org/content/view/188/45/
http://oss.oetiker.ch/smokeping/pub/CHANGES
http://secunia.com/advisories/47678
http://www.openwall.com/lists/oss-security/2012/01/21/1
http://www.securityfocus.com/bid/51584
https://bugs.gentoo.org/show_bug.cgi?id=399553
https://bugzilla.redhat.com/show_bug.cgi?id=783584
http://holisticinfosec.org/content/view/188/45/
http://oss.oetiker.ch/smokeping/pub/CHANGES
http://secunia.com/advisories/47678
http://www.openwall.com/lists/oss-security/2012/01/21/1
http://www.securityfocus.com/bid/51584
https://bugs.gentoo.org/show_bug.cgi?id=399553
https://bugzilla.redhat.com/show_bug.cgi?id=783584