{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24536", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/24536"}, {"name": "52255", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52255"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23142"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.glfusion.org/article.php/glf122_update_20130130_01"}, {"name": "glfusion-multiple-xss(82211)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211"}, {"name": "20130220 Multiple Cross-Site Scripting (XSS) in glFusion", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24536", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/24536"}, {"name": "52255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52255"}, {"name": "https://www.htbridge.com/advisory/HTB23142", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23142"}, {"name": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html"}, {"name": "http://www.glfusion.org/article.php/glf122_update_20130130_01", "refsource": "CONFIRM", "url": "http://www.glfusion.org/article.php/glf122_update_20130130_01"}, {"name": "glfusion-multiple-xss(82211)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211"}, {"name": "20130220 Multiple Cross-Site Scripting (XSS) in glFusion", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:04:48.664Z"}, "title": "CVE Program Container", "references": [{"name": "24536", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/24536"}, {"name": "52255", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52255"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.htbridge.com/advisory/HTB23142"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.glfusion.org/article.php/glf122_update_20130130_01"}, {"name": "glfusion-multiple-xss(82211)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211"}, {"name": "20130220 Multiple Cross-Site Scripting (XSS) in glFusion", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1466", "datePublished": "2014-02-05T15:00:00", "dateReserved": "2013-01-29T00:00:00", "dateUpdated": "2024-08-06T15:04:48.664Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:glfusion:glfusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD92F979-758E-48EB-B6D7-F838531F7E16", "versionEndIncluding": "1.2.2.pl3", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "798B4747-978F-46D2-8EF1-76D8BC0872F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E3D0B5AC-35D8-4900-B2F8-95D661E880CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3FE6694E-7ED1-45F4-94D7-D5CD9AA6D801", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D711131E-314B-4BBE-9E6F-973C154694B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B0A24202-EB12-4428-A327-97504EB460B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D80EE971-44CA-478F-88CB-A13CBDD628CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51D13EE5-3B44-4AB3-86CD-01E9488DFBF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6941B9D9-5EA0-4954-89E8-350B4EE8E35A", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "028947C2-71A3-4FBF-BBCD-BA7CF0098E96", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E7BB830-42C3-4A2A-AF2B-283669BE5A3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D786A2AB-45C0-49B5-9F0D-97FCCC57BF06", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl1:*:*:*:*:*:*:*", "matchCriteriaId": "76A78CD4-81C7-43D0-AF55-70D6764CB28B", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl2:*:*:*:*:*:*:*", "matchCriteriaId": "549C3BC2-63D2-42FA-8984-EB128307207E", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl3:*:*:*:*:*:*:*", "matchCriteriaId": "19B08E87-DCB7-4C2C-BDF8-668662B6EE58", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl4:*:*:*:*:*:*:*", "matchCriteriaId": "C7F545F2-284A-4408-B14B-B1465E176EBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "32A9987A-0F8E-4C39-8E97-ED3AD9406DD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl1:*:*:*:*:*:*:*", "matchCriteriaId": "2FE0FE37-5B63-4223-96C6-29BE6E4E2A38", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl2:*:*:*:*:*:*:*", "matchCriteriaId": "2C1674FB-3745-4BF7-B5F3-31A4CB215FA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl3:*:*:*:*:*:*:*", "matchCriteriaId": "3BB7FC4C-DB19-4481-85F5-BC5D5350F763", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A06C07C1-B8E4-4D97-8FD3-17F2B06F2D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl1:*:*:*:*:*:*:*", "matchCriteriaId": "9593FFEB-AD09-41EC-950D-5031C7C0AD5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl2:*:*:*:*:*:*:*", "matchCriteriaId": "FD289399-93D2-4CA9-8F47-9CE988C01EF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl3:*:*:*:*:*:*:*", "matchCriteriaId": "A6529D3F-8BF1-4786-8A2A-EEA5333EF6BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl4:*:*:*:*:*:*:*", "matchCriteriaId": "FB63EE52-AC26-4EEF-B1A9-7646B775A047", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C6EA0CD3-E34F-49B0-BE66-C1E8FBAE3BA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "082CF717-6FA4-4D22-9B76-AF5B93D8560D", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl1:*:*:*:*:*:*:*", "matchCriteriaId": "121594F2-E714-4E49-AAF4-7514F1B87646", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl2:*:*:*:*:*:*:*", "matchCriteriaId": "E7841881-DAE5-46A1-AFC5-5FD39F562BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl3:*:*:*:*:*:*:*", "matchCriteriaId": "90AB990C-8001-4806-A738-4A64590C6C56", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl4:*:*:*:*:*:*:*", "matchCriteriaId": "DA21F45F-6E49-4318-99BE-DFB1558B8B4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl5:*:*:*:*:*:*:*", "matchCriteriaId": "059CD172-ADE1-4FCB-8D84-298BA42619A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl6:*:*:*:*:*:*:*", "matchCriteriaId": "7F870B42-E57D-4F60-A23E-06F047BCB4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "690C9C93-BB9F-47A5-9A35-B74A6880EAA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl1:*:*:*:*:*:*:*", "matchCriteriaId": "9249610A-71BB-48A2-BCCD-C1E29F3AD0B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl2:*:*:*:*:*:*:*", "matchCriteriaId": "746D9173-90F4-4E82-B6D3-7C21A87FE2FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl3:*:*:*:*:*:*:*", "matchCriteriaId": "DD719B97-ED18-40A9-A3A5-81078F262F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl4:*:*:*:*:*:*:*", "matchCriteriaId": "AAAE38F5-BB94-442D-8705-DE4E90F9157F", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl5:*:*:*:*:*:*:*", "matchCriteriaId": "87ED44C1-8CEE-4B19-90D2-0DE6C84C5CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl6:*:*:*:*:*:*:*", "matchCriteriaId": "9032E4DB-C006-4518-89C0-3A2308E1E377", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl7:*:*:*:*:*:*:*", "matchCriteriaId": "8614BDE0-BF9C-4E76-B2B2-76816D615697", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "149A1A90-65A5-4BF1-A2A6-C5915E0A834B", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2.pl1:*:*:*:*:*:*:*", "matchCriteriaId": "EA5F3981-D478-4D94-8925-C3E7C97F25BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2.pl2:*:*:*:*:*:*:*", "matchCriteriaId": "C85324AE-C3BE-4864-8212-E2823AFA6E2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en glFusion anterior a 1.2.2.pl4 permite a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s de (1) par\u00e1metros sujetos a profiles.php; par\u00e1metros (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, o (9) zipcode hacia calendar/index.php; par\u00e1metros (10) title o (11) url hacia links/index.php; o (12) PATH_INFO hacia admin/plugins/mediagallery/xppubwiz.php/."}], "id": "CVE-2013-1466", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-05T15:10:01.550", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52255"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/24536"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.glfusion.org/article.php/glf122_update_20130130_01"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211"}, {"source": "cve@mitre.org", "url": "https://www.htbridge.com/advisory/HTB23142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/24536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.glfusion.org/article.php/glf122_update_20130130_01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.htbridge.com/advisory/HTB23142"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}