CVE-2012-0829
Published Feb 14, 2012
Last updated 7 years ago
Overview
- Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6
- Impact score: 6.4
- Exploitability score: 6.8
- Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-352