Vulnerability Details : CVE-2012-5452
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2012-5452
Probability of exploitation activity in the next 30 days: 0.70%
Percentile (the proportion of vulnerabilities scored at or below this one): ~78%
CVSS scores for CVE-2012-5452
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2012-5452
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2012-5452
- Subrion CMS multiple scripts cross-site scripting CVE-2011-5211 Vulnerability Report (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/78468
- Multiple vulnerabilities in Subrion CMS, HTB23113 Security Advisory (ImmuniWeb) [Exploit]: https://www.htbridge.com/advisory/HTB23113
- Subrion Open Source CMS 2.2.2 has been released! (Subrion CMS Forums) [Vendor Advisory]: http://www.subrion.com/forums/announcements/893-subrion-open-source-cms-2-2-2-has-been-released.html
- Subrion CMS multiple scripts cross-site scripting CVE-2012-5452 Vulnerability Report (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/78467
- Subrion CMS 2.2.1 XSS / CSRF / SQL Injection (Packet Storm): http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html
- Subrion CMS 2.2.1 Multiple Remote XSS POST Injection Vulnerabilities (Zero Science Lab) [Exploit]: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5105.php
- Subrion CMS 2.2.1 Cross Site Scripting (Packet Storm) [Exploit]: http://packetstormsecurity.org/files/116434/Subrion-CMS-2.2.1-Cross-Site-Scripting.html
- Subrion CMS Multiple Cross Site Scripting and HTML Injection Vulnerabilities (SecurityFocus BID 55502): http://www.securityfocus.com/bid/55502
Products affected by CVE-2012-5452
- cpe:2.3:a:intelliants:subrion_cms:2.2.1:*:*:*:*:*:*:*