CVE-2012-0829

Published Feb 14, 2012

Last updated 7 years ago

CVSS info 6.0

Overview

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF0D458A-E2BF-48D9-908C-D9437F21B667",
            "versionEndIncluding": "1.6.4"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5D74D85-ED64-4065-BB9A-C7F8E4C48383"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19756ECA-DACC-4002-A50F-81787913C148"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B94F26A-11FA-429E-94F8-A8E7DADF3548"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8577FA6A-671F-4B7C-860A-FAEBEB321445"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2669A2FC-72F3-4939-8188-081CD91E2D97"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB42487E-FAE0-4DFB-BABE-9483582E5957"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43DA19D-9D1C-42A6-8447-6CB9B2E9C850"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6E8431F-5246-41CE-8193-C9FC6AC5F79E"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35F49A92-FCE0-404B-8A73-C222AF292C25"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "208103EB-1731-4148-9D8D-9BFE264B04FF"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32CBFA72-33EF-4741-A7C9-8B3CC41538F9"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D61AA5CD-8153-4B01-A3C6-113DE6F16E56"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3CBE280-477C-438F-B7A8-712C727D0DC7"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B13EB1E-55D8-48CB-B95B-79D5BC364112"
          },
          {
            "criteria": "cpe:2.3:a:mibew:mibew_messenger:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46B4B6EE-99F7-456F-9BEB-B5D02C07010B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References