CVE-2012-1912

Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
chatelaophp_address_book
𝑥
≤ 7.0
chatelaophp_address_book
1.0
chatelaophp_address_book
1.2
chatelaophp_address_book
2.0
chatelaophp_address_book
2.1
chatelaophp_address_book
2.1.1
chatelaophp_address_book
2.2
chatelaophp_address_book
2.3
chatelaophp_address_book
2.4
chatelaophp_address_book
2.6
chatelaophp_address_book
3.0
chatelaophp_address_book
3.1
chatelaophp_address_book
3.1.1
chatelaophp_address_book
3.1.2
chatelaophp_address_book
3.1.3
chatelaophp_address_book
3.1.4
chatelaophp_address_book
3.1.5
chatelaophp_address_book
3.1.6
chatelaophp_address_book
3.2
chatelaophp_address_book
3.2.1
chatelaophp_address_book
3.2.2
chatelaophp_address_book
3.2.3
chatelaophp_address_book
3.2.4
chatelaophp_address_book
3.2.5
chatelaophp_address_book
3.2.6
chatelaophp_address_book
3.2.7
chatelaophp_address_book
3.2.8
chatelaophp_address_book
3.2.9
chatelaophp_address_book
3.2.10
chatelaophp_address_book
3.2.11
chatelaophp_address_book
3.2.12
chatelaophp_address_book
3.2.13
chatelaophp_address_book
3.2.14
chatelaophp_address_book
3.3
chatelaophp_address_book
3.3.1
chatelaophp_address_book
3.3.2
chatelaophp_address_book
3.3.3
chatelaophp_address_book
3.3.4
chatelaophp_address_book
3.3.5
chatelaophp_address_book
3.3.6
chatelaophp_address_book
3.3.7
chatelaophp_address_book
3.3.8
chatelaophp_address_book
3.3.9
chatelaophp_address_book
3.3.10
chatelaophp_address_book
3.3.12
chatelaophp_address_book
3.3.13
chatelaophp_address_book
3.3.14
chatelaophp_address_book
3.3.15
chatelaophp_address_book
3.3.16
chatelaophp_address_book
3.3.17
chatelaophp_address_book
3.3.18
chatelaophp_address_book
3.4
chatelaophp_address_book
3.4.1
chatelaophp_address_book
3.4.2
chatelaophp_address_book
3.4.3
chatelaophp_address_book
3.4.4
chatelaophp_address_book
3.4.5
chatelaophp_address_book
3.4.6
chatelaophp_address_book
3.4.7
chatelaophp_address_book
3.4.8
chatelaophp_address_book
3.4.9
chatelaophp_address_book
4.0
chatelaophp_address_book
4.0.2
chatelaophp_address_book
4.1.1
chatelaophp_address_book
4.1.3
chatelaophp_address_book
4.1.4
chatelaophp_address_book
5.0
chatelaophp_address_book
5.0:beta
chatelaophp_address_book
5.1
chatelaophp_address_book
5.2
chatelaophp_address_book
5.3
chatelaophp_address_book
5.4
chatelaophp_address_book
5.4.1
chatelaophp_address_book
5.4.2
chatelaophp_address_book
5.4.3
chatelaophp_address_book
5.4.4
chatelaophp_address_book
5.4.5
chatelaophp_address_book
5.4.6
chatelaophp_address_book
5.4.7
chatelaophp_address_book
5.4.9
chatelaophp_address_book
5.5
chatelaophp_address_book
5.6
chatelaophp_address_book
5.7
chatelaophp_address_book
5.7.1
chatelaophp_address_book
5.7.2
chatelaophp_address_book
5.7.3
chatelaophp_address_book
5.7.4
chatelaophp_address_book
5.7.5
chatelaophp_address_book
5.8.1
chatelaophp_address_book
6.0
chatelaophp_address_book
6.1
chatelaophp_address_book
6.1.1
chatelaophp_address_book
6.1.2
chatelaophp_address_book
6.1.3
chatelaophp_address_book
6.1.4
chatelaophp_address_book
6.2
chatelaophp_address_book
6.2.1
chatelaophp_address_book
6.2.2
chatelaophp_address_book
6.2.3
chatelaophp_address_book
6.2.4
chatelaophp_address_book
6.2.5
chatelaophp_address_book
6.2.6
chatelaophp_address_book
6.2.7
chatelaophp_address_book
6.2.9
chatelaophp_address_book
6.2.10
chatelaophp_address_book
6.2.11
chatelaophp_address_book
6.2.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/42781
http://secunia.com/advisories/49212
http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929
http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929
http://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=805929
http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt
http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html
http://www.exploit-db.com/exploits/18578
http://www.securityfocus.com/bid/52396
http://www.securityfocus.com/bid/53598
https://exchange.xforce.ibmcloud.com/vulnerabilities/73944
http://secunia.com/advisories/42781
http://secunia.com/advisories/49212
http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929
http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929
http://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=805929
http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt
http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html
http://www.exploit-db.com/exploits/18578
http://www.securityfocus.com/bid/52396
http://www.securityfocus.com/bid/53598
https://exchange.xforce.ibmcloud.com/vulnerabilities/73944