CVE-2012-2909

Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
viscachaviscacha
0.8.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/18873
http://www.securityfocus.com/bid/53496
http://www.vulnerability-lab.com/get_content.php?id=525
https://exchange.xforce.ibmcloud.com/vulnerabilities/75577
http://www.exploit-db.com/exploits/18873
http://www.securityfocus.com/bid/53496
http://www.vulnerability-lab.com/get_content.php?id=525
https://exchange.xforce.ibmcloud.com/vulnerabilities/75577