CVE-2012-1410 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kadu	Kadu

Configuration 1 [-]

OR	cpe:2.3:a:kadu:kadu:0.9.0:::::::*
	cpe:2.3:a:kadu:kadu:0.10.0:::::::*
	cpe:2.3:a:kadu:kadu:0.11.0:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2012/02/27/26
http://www.openwall.com/lists/oss-security/2012/02/27/3
https://bugzilla.novell.com/show_bug.cgi?id=749036
https://bugzilla.redhat.com/show_bug.cgi?id=797777
https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6
https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0
https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84
https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-02-29T11:00:00Z

Updated: 2024-09-16T17:44:03.215Z

Reserved: 2012-02-28T00:00:00Z

Link: CVE-2012-1410

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-02-29T11:55:05.940

Modified: 2012-02-29T11:55:05.940

Link: CVE-2012-1410

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-29T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036"}, {"name": "[oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26"}, {"name": "[oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1410", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52"}, {"name": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6"}, {"name": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0"}, {"name": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=749036", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036"}, {"name": "[oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26"}, {"name": "[oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=797777", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:37.320Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036"}, {"name": "[oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26"}, {"name": "[oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1410", "datePublished": "2012-02-29T11:00:00Z", "dateReserved": "2012-02-28T00:00:00Z", "dateUpdated": "2024-09-16T17:44:03.215Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kadu:kadu:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACD4C191-EE4C-49D9-A917-0CC79DB36964", "vulnerable": true}, {"criteria": "cpe:2.3:a:kadu:kadu:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC5DFCE1-B547-49C4-85E8-E97D79660A56", "vulnerable": true}, {"criteria": "cpe:2.3:a:kadu:kadu:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C06543E-715B-4E46-8484-D46BE4F0D46B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la implementaci\u00f3n de History Window en Kadu v0.9.0 hasta 0.11.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) mensaje SMS (2) mensaje de presencia o (3) descripci\u00f3n de estado manipulados."}], "id": "CVE-2012-1410", "lastModified": "2012-02-29T11:55:05.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-02-29T11:55:05.940", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}