CVE-2012-3836
Published Jul 3, 2012
Last updated 12 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9F00380-30DB-4C98-B754-52095AD74F93",
"versionEndIncluding": "1.1.5"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:0.90:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "166A9148-8ED7-49FC-A8B3-2FEE23968DB6"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:0.91:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F79B921-6FAD-43DD-A92C-A037E741E5E8"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:0.98:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A724AB8-8492-419B-8850-48B64C8C1643"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:0.99:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4757C0A1-CCB8-4FAA-B081-F42B09666318"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "185D7CA6-57C7-4590-A1F4-90CCA1A2302B"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF6A49E2-1191-4FE0-A61E-421D441B3787"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA1DC3F0-7EC8-49B0-A0B2-BE06F201E89D"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8646C5C6-1A9C-49E0-A25D-6BE6E47DB9A8"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0169F08E-12BD-401A-9DB5-1C6A9562A936"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7963826-7F30-4742-8C1C-74A5745E4C02"
},
{
"criteria": "cpe:2.3:a:babygekko:baby_gekko:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "127FC1AC-935E-4B8A-B0A3-743D72D4B62F"
}
],
"operator": "OR"
}
]
}
]