CVE-2012-1212

Published Feb 24, 2012

Last updated 7 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8C88218-4CD4-45E8-95EF-FBBBC5C81BFC",
            "versionEndIncluding": "1.6.0_2"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E2EA03C-A54F-4EA1-8A0D-24EA1A0F172F"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B49098B9-97A1-421E-BEC8-173D3D7C7B99"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC76F671-7E4F-475D-A7CD-C18613A08701"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F715987-7B14-46FA-A428-1E4ABDA10224"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AADB4E3-2125-4878-B7A8-3227ACB87238"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3383CAE-63EF-456B-B56A-5970E3640919"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60FB3A04-2DE6-4D08-9A2C-72D9DCF85DF3"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8D890BE-7F6F-42B5-818C-BA4BF74BC38F"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.5.6-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "191D9A45-EAA2-4034-8B8C-D167160BA876"
          },
          {
            "criteria": "cpe:2.3:a:smwplus:smw\\+:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96C22B84-5A80-4C30-B084-D1653CC2861E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References