CVE-2012-4251

EUVD-2012-4195
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
mysqldumpermysqldumper
1.24.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
http://www.osvdb.org/81610
http://www.osvdb.org/81611
http://www.osvdb.org/81612
http://www.securityfocus.com/bid/53306
https://exchange.xforce.ibmcloud.com/vulnerabilities/75284
http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html
http://www.osvdb.org/81610
http://www.osvdb.org/81611
http://www.osvdb.org/81612
http://www.securityfocus.com/bid/53306
https://exchange.xforce.ibmcloud.com/vulnerabilities/75284