mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 01:02:55 +00:00
128 lines
4.2 KiB
JSON
128 lines
4.2 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2012-1664",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "20120404 Multiple vulnerabilities in osCmax",
|
|
"refsource" : "BUGTRAQ",
|
|
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"
|
|
},
|
|
{
|
|
"name" : "https://www.htbridge.com/advisory/HTB23081",
|
|
"refsource" : "MISC",
|
|
"url" : "https://www.htbridge.com/advisory/HTB23081"
|
|
},
|
|
{
|
|
"name" : "http://bugtrack.oscmax.com/view.php?id=1165",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://bugtrack.oscmax.com/view.php?id=1165"
|
|
},
|
|
{
|
|
"name" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"
|
|
},
|
|
{
|
|
"name" : "80903",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80903"
|
|
},
|
|
{
|
|
"name" : "80904",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80904"
|
|
},
|
|
{
|
|
"name" : "80905",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80905"
|
|
},
|
|
{
|
|
"name" : "80906",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80906"
|
|
},
|
|
{
|
|
"name" : "80907",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80907"
|
|
},
|
|
{
|
|
"name" : "80908",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80908"
|
|
},
|
|
{
|
|
"name" : "80909",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80909"
|
|
},
|
|
{
|
|
"name" : "80910",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80910"
|
|
},
|
|
{
|
|
"name" : "80911",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80911"
|
|
},
|
|
{
|
|
"name" : "80912",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/80912"
|
|
}
|
|
]
|
|
}
|
|
}
|