CVE-2012-4071

Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
rsgallery2com_rsgallery2
𝑥
≤ 2.2.1
rsgallery2com_rsgallery2
1.9.0-4:alpha
rsgallery2com_rsgallery2
1.9.4:alpha
rsgallery2com_rsgallery2
1.9.5:alpha
rsgallery2com_rsgallery2
1.10.1:alpha
rsgallery2com_rsgallery2
1.10.2:alpha
rsgallery2com_rsgallery2
1.10.5:alpha
rsgallery2com_rsgallery2
1.10.6:alpha
rsgallery2com_rsgallery2
1.10.7:alpha
rsgallery2com_rsgallery2
1.10.8:alpha
rsgallery2com_rsgallery2
1.10.9:alpha
rsgallery2com_rsgallery2
1.10.10:alpha
rsgallery2com_rsgallery2
1.10.11:alpha
rsgallery2com_rsgallery2
1.10.13:alpha
rsgallery2com_rsgallery2
1.10.14:alpha
rsgallery2com_rsgallery2
1.11.0:alpha
rsgallery2com_rsgallery2
1.11.1:alpha
rsgallery2com_rsgallery2
1.11.2:alpha
rsgallery2com_rsgallery2
1.11.3:alpha
rsgallery2com_rsgallery2
1.11.4:alpha
rsgallery2com_rsgallery2
1.11.5:alpha
rsgallery2com_rsgallery2
1.11.6:alpha
rsgallery2com_rsgallery2
1.11.7:alpha
rsgallery2com_rsgallery2
1.11.8:alpha
rsgallery2com_rsgallery2
1.11.10:alpha
rsgallery2com_rsgallery2
1.11.11:alpha
rsgallery2com_rsgallery2
1.12.0:alpha
rsgallery2com_rsgallery2
1.12.1:alpha
rsgallery2com_rsgallery2
1.12.2:alpha
rsgallery2com_rsgallery2
1.13.0:alpha
rsgallery2com_rsgallery2
1.13.1:alpha
rsgallery2com_rsgallery2
1.14.0:alpha
rsgallery2com_rsgallery2
1.14.1:alpha
rsgallery2com_rsgallery2
2.1.0:beta
rsgallery2com_rsgallery2
2.1.1
rsgallery2com_rsgallery2
2.2.0
rsgallery2com_rsgallery2
𝑥
≤ 3.1.0
rsgallery2com_rsgallery2
1.9.0-4:alpha
rsgallery2com_rsgallery2
1.9.4:alpha
rsgallery2com_rsgallery2
1.9.5:alpha
rsgallery2com_rsgallery2
1.10.1:alpha
rsgallery2com_rsgallery2
1.10.2:alpha
rsgallery2com_rsgallery2
1.10.5:alpha
rsgallery2com_rsgallery2
1.10.6:alpha
rsgallery2com_rsgallery2
1.10.7:alpha
rsgallery2com_rsgallery2
1.10.8:alpha
rsgallery2com_rsgallery2
1.10.9:alpha
rsgallery2com_rsgallery2
1.10.10:alpha
rsgallery2com_rsgallery2
1.10.11:alpha
rsgallery2com_rsgallery2
1.10.13:alpha
rsgallery2com_rsgallery2
1.10.14:alpha
rsgallery2com_rsgallery2
1.11.0:alpha
rsgallery2com_rsgallery2
1.11.1:alpha
rsgallery2com_rsgallery2
1.11.2:alpha
rsgallery2com_rsgallery2
1.11.3:alpha
rsgallery2com_rsgallery2
1.11.4:alpha
rsgallery2com_rsgallery2
1.11.5:alpha
rsgallery2com_rsgallery2
1.11.6:alpha
rsgallery2com_rsgallery2
1.11.7:alpha
rsgallery2com_rsgallery2
1.11.8:alpha
rsgallery2com_rsgallery2
1.11.10:alpha
rsgallery2com_rsgallery2
1.11.11:alpha
rsgallery2com_rsgallery2
1.12.0:alpha
rsgallery2com_rsgallery2
1.12.1:alpha
rsgallery2com_rsgallery2
1.12.2:alpha
rsgallery2com_rsgallery2
1.13.0:alpha
rsgallery2com_rsgallery2
1.13.1:alpha
rsgallery2com_rsgallery2
1.14.0:alpha
rsgallery2com_rsgallery2
1.14.1:alpha
rsgallery2com_rsgallery2
2.1.0:beta
rsgallery2com_rsgallery2
2.1.1
rsgallery2com_rsgallery2
3.0:rc1
rsgallery2com_rsgallery2
3.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142
http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip
http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip
http://joomlacode.org/gf/project/rsgallery2/news/
http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html
http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142
http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip
http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip
http://joomlacode.org/gf/project/rsgallery2/news/
http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html