CVE-2012-4384 - Vulnerability Details - OpenCVE

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Trilexnet	Letodms

Configuration 1 [-]

cpe:2.3:a:trilexnet:letodms:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2012/08/31/19
https://security-tracker.debian.org/tracker/CVE-2012-4384

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-13T15:52:28

Updated: 2024-08-06T20:35:08.661Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4384

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-13T16:15:10.597

Modified: 2024-11-21T01:42:46.627

Link: CVE-2012-4384

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "letodms", "vendor": "letodms", "versions": [{"status": "affected", "version": "through 3.3.11"}]}], "descriptions": [{"lang": "en", "value": "letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar"}], "problemTypes": [{"descriptions": [{"description": "XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-13T15:52:28", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/19"}, {"name": "Debian", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-4384"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4384", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "letodms", "version": {"version_data": [{"version_value": "through 3.3.11"}]}}]}, "vendor_name": "letodms"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS"}]}]}, "references": {"reference_data": [{"name": "http://www.openwall.com/lists/oss-security/2012/08/31/19", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2012/08/31/19"}, {"name": "Debian", "refsource": "DEBIAN", "url": "https://security-tracker.debian.org/tracker/CVE-2012-4384"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:08.661Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/19"}, {"name": "Debian", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-4384"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4384", "datePublished": "2019-11-13T15:52:28", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:08.661Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trilexnet:letodms:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA8C5A75-5D58-48D5-80AA-A66AFF4072F2", "versionEndIncluding": "3.3.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar"}, {"lang": "es", "value": "letodms tiene m\u00faltiples problemas de tipo XSS: XSS Reflejado en la P\u00e1gina Login, XSS Almacenado en el nombre Document Owner/User, XSS Almacenado en el Calendario."}], "id": "CVE-2012-4384", "lastModified": "2024-11-21T01:42:46.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-13T16:15:10.597", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/19"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-4384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/08/31/19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-4384"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}