{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-14T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0891", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://puppetlabs.com/security/cve/cve-2012-0891", "refsource": "CONFIRM", "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:15.060Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0891", "datePublished": "2014-03-14T16:00:00", "dateReserved": "2012-01-20T00:00:00", "dateUpdated": "2024-08-06T18:38:15.060Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "68EBEE5C-A39B-4F8E-A005-11327D639C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E85933FC-0433-45FB-A7D6-E3298B947E0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE296ACD-1869-45E5-88AB-DEFB47C55989", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6036A3DB-95E6-4EF9-B45F-C483D0D6D4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B6FA405-C453-4008-9DFC-A46AFA5C6D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B6A088-F3D5-44B5-9469-CBAE8715B13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6016EF1-335F-4042-ACFD-9B518217D448", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "73176F23-F996-454F-9123-96FC9392C1EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86584240-8AB6-4ABC-94BB-037D37A74AA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F17DBFE-D13E-4AF0-9F93-918BE2BE649F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "926CFE0B-57A0-42EE-8B84-5C53C94F552E", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "54836761-86C0-4240-8A43-D6DECC2BBBDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A584D14-197E-47EB-B394-B8B211D4B502", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Puppet Dashboard 1.0 anterior a 1.2.5 y Enterprise 1.0 anterior a 1.2.5 y 2.x anterior a 2.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos no especificados."}], "id": "CVE-2012-0891", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-14T16:55:04.567", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-0891"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}