CVE-2012-5099
Published Sep 23, 2012
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7991D07-4151-49D2-B5B3-551D39DCD6BB",
"versionEndIncluding": "4.1"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C682299-FE11-41AC-A25F-E6D8EF2C1629"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1926AF1-4261-4D89-BBAD-5A6589A9A6F0"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB33A4D8-D4A3-4F6F-82B4-2697FA986DD7"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAB5F9F2-A309-4D98-826D-F6FAAC11F333"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09E1465F-AFDA-4FF9-B2F3-30DAC4F3626D"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B285CB42-9C51-435A-B177-1ACD479610C8"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1BC7C159-9A85-4B23-A2CF-2A84DCF959BB"
},
{
"criteria": "cpe:2.3:a:phpb2b:phpb2b:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABE65EBF-7B99-490F-B95E-F079E157BF9C"
}
],
"operator": "OR"
}
]
}
]