{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-13T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "49148", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49148"}, {"name": "18868", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18868"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rodnaph/sockso/pull/99/files"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rodnaph/sockso/issues/93"}, {"tags": ["x_refsource_MISC"], "url": "http://smwyg.com/blog/#sockso-persistant-xss-attack"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "49148", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49148"}, {"name": "18868", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18868"}, {"name": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136", "refsource": "CONFIRM", "url": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136"}, {"name": "https://github.com/rodnaph/sockso/pull/99/files", "refsource": "CONFIRM", "url": "https://github.com/rodnaph/sockso/pull/99/files"}, {"name": "https://github.com/rodnaph/sockso/issues/93", "refsource": "CONFIRM", "url": "https://github.com/rodnaph/sockso/issues/93"}, {"name": "http://smwyg.com/blog/#sockso-persistant-xss-attack", "refsource": "MISC", "url": "http://smwyg.com/blog/#sockso-persistant-xss-attack"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:07.682Z"}, "title": "CVE Program Container", "references": [{"name": "49148", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49148"}, {"name": "18868", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/18868"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rodnaph/sockso/pull/99/files"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rodnaph/sockso/issues/93"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://smwyg.com/blog/#sockso-persistant-xss-attack"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4267", "datePublished": "2012-08-13T22:00:00Z", "dateReserved": "2012-08-13T00:00:00Z", "dateUpdated": "2024-09-17T04:18:55.758Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pu-gh:sockso:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC8B07BE-48DB-4B31-AC72-11D2110D9511", "versionEndIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0057C683-975A-4FEF-A4F7-8542D8C00C44", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3FE34CB-940F-4151-948F-DCDF4C323C6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9CF94E42-470C-4913-8999-8B0C5BE80ACD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A2EE0A1-2985-4F94-893D-049C432EFD0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "48837FB7-2340-4C4B-953C-073006EB8EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9145C81A-7BBB-430F-8750-F186AF0E06E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "12D1180C-C485-4BCF-BB09-D190BD4BE214", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E5D91033-C64D-4A08-B873-93C32ED61C19", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "76963120-C187-4B0D-B354-E25AF0713EFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2353AC56-56EB-4146-B725-14AF107A0832", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F91289F-2C58-4ACC-AA2D-4848E42C3E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7CC56A4-CD83-4E6B-8B99-4C5553075C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6018A9BD-B64D-4954-B93C-3514000794AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C0B2B45-C28F-424B-B562-437CE6DDDFCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "2B40BCB5-AFE1-479B-89C5-2282117D4AF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "33B1F055-7664-48B2-B581-BF84A33D0C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC4E7D45-2D10-474A-B2B3-3066AF1A11CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD7DC3A1-5339-45C5-B8A4-0458FAB4B9B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4FB26E7-0712-4513-AF61-1ACFADA6FCB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8055EF8A-B92A-4676-A382-D3567FC3FC3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "87D53EE8-F75D-4954-920E-73D5CA0722E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "3AF41FA0-DC88-4416-BE14-ABE4EB5D1497", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "91C54106-BB0F-45AB-BA2D-7D7278A8B893", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "34C344BA-4CAD-4CA4-9DDB-0C6DFD97C5E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "56F0065D-BA9A-498B-BDEE-8CE89F575E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:pu-gh:sockso:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "EEDEF3E8-A155-4C60-BA66-77BF6AA5A2F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en user/register en Sockso v1.5 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro name.\r\n"}], "id": "CVE-2012-4267", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-08-13T22:55:01.240", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49148"}, {"source": "cve@mitre.org", "tags": ["Exploit", "URL Repurposed"], "url": "http://smwyg.com/blog/#sockso-persistant-xss-attack"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18868"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136"}, {"source": "cve@mitre.org", "url": "https://github.com/rodnaph/sockso/issues/93"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/rodnaph/sockso/pull/99/files"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}