CVE-2012-0323
Published Mar 9, 2012
Last updated 12 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34A8F4C1-F2DF-4CFF-8CD5-4E1203FFE173",
"versionEndIncluding": "2.1"
},
{
"criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55CCB854-1501-4366-8F23-904D7F03962D"
},
{
"criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "860CB334-CE31-4089-BC4C-F413CCDB7052"
},
{
"criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "568ED844-B934-4A24-BB2A-3EDB117C75EE"
},
{
"criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11CB74EE-5FD2-46AE-A676-11D35CF33C77"
},
{
"criteria": "cpe:2.3:a:paul_lesniewsk:autocomplete:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94E7BFE9-FD8C-45C0-9D20-8A5C81EECE4C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0F4C8AC6-80BA-456F-997B-FC38A8E2F060"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]