fkie_nvd - fkie_cve-2012-1908

fkie_cve-2012-1908

Vulnerability from fkie_nvd

Published

2012-08-17 00:55

Modified

2024-11-21 01:38

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

References

▼	URL	Tags
	cve@mitre.org	http://www.splunk.com/view/SP-CAAAGTK#38585	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.splunk.com/view/SP-CAAAGTK#38585	Vendor Advisory

Impacted products

Vendor	Product	Version
splunk	splunk	4.0
splunk	splunk	4.0.1
splunk	splunk	4.0.2
splunk	splunk	4.0.3
splunk	splunk	4.0.4
splunk	splunk	4.0.5
splunk	splunk	4.0.6
splunk	splunk	4.0.7
splunk	splunk	4.0.8
splunk	splunk	4.0.9
splunk	splunk	4.0.10
splunk	splunk	4.0.11
splunk	splunk	4.1
splunk	splunk	4.1.1
splunk	splunk	4.1.2
splunk	splunk	4.1.3
splunk	splunk	4.1.4
splunk	splunk	4.1.5
splunk	splunk	4.1.6
splunk	splunk	4.1.7
splunk	splunk	4.1.8
splunk	splunk	4.2
splunk	splunk	4.2.1
splunk	splunk	4.2.2
splunk	splunk	4.2.3
splunk	splunk	4.2.4
splunk	splunk	4.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FCFC155-E9C9-4AE3-9CB8-D2244B9E0269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "368E31F0-E8F2-459E-B78E-EEC3AB544669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCB0EF9-08B5-4B91-876D-2C7CF7880AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1709D44B-DC91-4BCC-982F-7BE361A09FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "62042A83-23C7-478A-BE5C-8C66B6FB59C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB5CDED-459E-4AF9-8747-1F58FA1950E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0705659E-3230-4C28-BA56-F1F2E8BEB83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD076DE-EBF4-4829-847A-8B20DD614414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16311C2-2BB3-42E3-BFF8-860467C10611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "07F6F485-280B-408C-A381-76807862785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "551D7F83-61DD-4333-86ED-B1D38659B76E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "43BD38F5-B7C6-4CE9-A1B0-1E201CD0979E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B16A56F-EACF-47AC-B541-2D865CC31705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96B57A4-D586-444B-BD14-311AEBC40C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "335BA0E8-428B-4163-A809-90BEE79A7395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AE5B6A8-FB1E-4C0A-AC53-C0ABABE595C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE95A88B-F94B-4B3C-B0FC-0202E9E70FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "01CE667B-19F8-4ACE-BCF1-5CC0C1862720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74576145-857B-4A73-A9DE-B8CD6D45BB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5323DA2-5E22-428C-98E9-EA3E9927C1E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1EE64CA-F199-4594-A8FA-CF5138492BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "987B0894-735C-4E68-876B-C3041F36D4DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050ABEF8-D38E-49CF-A91B-F007DA4FBAD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8AC9B9-3A83-4899-85BC-798BEFE90AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD250E15-098A-4AF6-89E2-E25A98E55EBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9FD9D3-6E15-45A4-B066-2BA17F4D6512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1986619-649D-472E-A89B-C4976B20E37B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Splunk v4.0 a v4.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores desconocidos.\r\n"
    }
  ],
  "id": "CVE-2012-1908",
  "lastModified": "2024-11-21T01:38:01.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-17T00:55:02.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.splunk.com/view/SP-CAAAGTK#38585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.splunk.com/view/SP-CAAAGTK#38585"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-1908

Vulnerability from cvelistv5

Published

2012-08-17 00:00