mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
244 lines
8.9 KiB
JSON
244 lines
8.9 KiB
JSON
{
|
|
"id": "CVE-2012-6621",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2014-01-16T21:55:08.487",
|
|
"lastModified": "2024-11-21T01:46:31.500",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "M\u00faltiples vulnerabilidades de XSS en GetSimple CMS 3.1, 3.1.2, 3.2.3, y anteriores versiones permiten a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s de los campos (1) Email Address o (2) Custom Permalink Structure en admin/settings.php; (3) par\u00e1metro path hacia admin/upload.php; (4) par\u00e1metro err hacia admin/theme.php; (5) par\u00e1metro error hacia admin/pages.php; o (6) par\u00e1metros success o (7) err hacia admin/index.php."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"baseScore": 4.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "3.2.3",
|
|
"matchCriteriaId": "83EA87A3-8407-446A-9A8B-9E2887F3714A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DF820296-BE99-4823-9409-A7C805958763"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B72165A5-B0AF-46AB-A49A-70CF8CB389DB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "402816FD-80EF-4CC4-BC8E-E18978138568"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7E6A2BD4-9CC7-4584-A25D-571F2DF7D59C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32615ADE-4C47-4A0C-BE0F-B4C11A0BB27B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8EFA7E89-8957-47E9-8041-EA8EAE2DB7AC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "86708C01-BCF1-4038-B72E-F4AF5E51105B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "24A24C58-1F29-4EC0-8BD2-B37A0F2D54DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.25:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1ED22057-9169-47B0-93EE-52D5BFFE0FE2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:1.71:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8DCE5EAC-05F9-40A3-95C1-E8E344C37FCB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "554BC0DF-46D2-428B-8BFB-F62164ABA6FB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:2.01:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EFF2B63E-0845-48D9-8CEB-9BF705EA468E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:2.03:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0F33A0A5-C95B-4A01-B264-239E5B4C6DEA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:2.03.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "82A59795-A896-4D03-8C1C-FC158A3FCC3D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1685FE6C-8C13-489B-9FDC-32A358AD7266"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D400FBBB-51D9-4C69-A530-8085599EF82D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "733282CB-3E2E-4E12-AF47-6A9EA4807C6E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B5D8A854-9344-4063-85BF-1C773B33EADE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "15806A00-25E7-404A-9E8B-D74DCD847275"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CDD52948-4B08-4582-8E8B-C1E9FA2989B2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B64BEF7-F4F8-4B6B-8426-8D3A7365996D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/124711",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/49137",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/53501",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.vulnerability-lab.com/get_content.php?id=521",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75534",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75535",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/124711",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/49137",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/53501",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.vulnerability-lab.com/get_content.php?id=521",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75534",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75535",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |