fkie_nvd - fkie_cve-2012-6528

fkie_cve-2012-6528

Vulnerability from fkie_nvd

Published

2013-01-31 05:44

Modified

2024-11-21 01:46

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-01/0094.html	Exploit
cve@mitre.org	http://atutor.ca/atutor/change_log.php
cve@mitre.org	http://secunia.com/advisories/47597	Vendor Advisory
cve@mitre.org	http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/51423	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/72412
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-01/0094.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://atutor.ca/atutor/change_log.php
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47597	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51423	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72412

Impacted products

Vendor	Product	Version
atutor	atutor	*
atutor	atutor	1.0
atutor	atutor	1.2.1
atutor	atutor	1.2.2
atutor	atutor	1.3
atutor	atutor	1.3.1
atutor	atutor	1.3.2
atutor	atutor	1.3.3
atutor	atutor	1.4
atutor	atutor	1.4.1
atutor	atutor	1.4.2
atutor	atutor	1.4.3
atutor	atutor	1.5.1
atutor	atutor	1.5.1
atutor	atutor	1.5.1
atutor	atutor	1.5.2
atutor	atutor	1.5.3
atutor	atutor	1.5.3
atutor	atutor	1.5.3.1
atutor	atutor	1.5.3.2
atutor	atutor	1.5.4
atutor	atutor	1.5.5
atutor	atutor	1.6
atutor	atutor	1.6.1
atutor	atutor	1.6.1
atutor	atutor	1.6.4
atutor	atutor	2.0.1
atutor	atutor	2.0.2
atutor	atutor	2.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "288F80E7-988C-440C-A370-68382CF0BC24",
              "versionEndIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D4F1FB2-F35E-444F-8A7F-77C6FDCE9CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED293AE-94FD-444B-85A6-3ABCC7C97654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE4E6E1-0B9B-4EBE-8727-AD04E1BB5C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "827CD64E-2E84-422A-A405-16FCB4E80863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE05B757-B3B2-47DE-AFB6-073D5C639D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D97A1FF-B3B4-406C-814A-F7504B9EE290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3D3293-3761-46BE-B581-8B8447FB5059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C48DDB-B334-499A-9C1B-122D6942BD57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E682277-2B37-4C0B-98F5-52A4427B8853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "341B04AA-926D-400E-9A47-D2F183E26AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E50596-38A3-4C7A-9561-99950DA33A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA98319-09F3-4AE9-AF14-B1BE424AB7DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.1:pl1:*:*:*:*:*:*",
              "matchCriteriaId": "DD94D6E8-4DA1-48C9-8708-43D1BEDB6CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.1:pl2:*:*:*:*:*:*",
              "matchCriteriaId": "0AD5C011-1B1C-4DC2-AA01-81B14EF2B8E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C60745C-ECC2-41AD-8795-6D274F269F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2765EAFB-6663-4F16-B285-6DA8D26E6CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3849980E-F74A-4C85-B3A1-FECAF888546F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B36A11-B728-468A-802E-A7C8362D154A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "189D9776-C554-4084-8C31-21935F83A416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D08E87-E4BC-449F-93B6-D567926BCE84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC1FDA3-8B9A-4293-974F-F07517F3581C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E84A54D-D3E2-4B7C-809D-7719FD92ECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAA57CE3-7BE5-49D1-A7A3-0D415EB02533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.6.1:pl1:*:*:*:*:*:*",
              "matchCriteriaId": "B1AC00DE-4064-406A-B5EC-B85B15553B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD19A48-FC2A-406C-8299-60E87269451F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6289C4AF-76E4-4194-A61D-2DDB39CF680E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8132BFA5-6EA0-4158-84AC-4675FF91CF6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atutor:atutor:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "901A6503-01EB-45B1-897B-A30A49EE5014",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiple cross-site scripting (XSS) en ATutor antes de v2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del PATH_INFO para (1)themes/default/tile_search/index.tmpl.php, (2)login.php, (3)search.php, (4)password_reminder.php, (5)/login.php/jscripts/ infusi\u00f3n, (6)login.php/mods/_standard/flowplayer, (7)browse.php/jscripts/infusi\u00f3n/framework/temasabout.php fss, (8)registration.php/themes/default/ie_styles.css, (9)o(10)/default/social/basic_profile.tmpl.php."
    }
  ],
  "id": "CVE-2012-6528",
  "lastModified": "2024-11-21T01:46:17.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-31T05:44:00.837",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0094.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://atutor.ca/atutor/change_log.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47597"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/51423"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0094.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://atutor.ca/atutor/change_log.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/51423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72412"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-6528

Vulnerability from cvelistv5

Published

2013-01-31 02:00

Modified

2024-08-06 21:28