4.3

CVE-2012-0873

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BoonexDolphin Version <= 7.0.7
BoonexDolphin Version5.1
BoonexDolphin Version5.2
BoonexDolphin Version6.1.2
BoonexDolphin Version7.0.0
BoonexDolphin Version7.0.1
BoonexDolphin Version7.0.2
BoonexDolphin Version7.0.3
BoonexDolphin Version7.0.3 Updatebeta
BoonexDolphin Version7.0.4
BoonexDolphin Version7.0.5
BoonexDolphin Version7.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.3% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://archives.neohapsis.com/archives/bugtraq/2012-02/0107.html
Exploit
http://www.boonex.com/n/dolphin-7-0-8-released
http://www.boonex.com/trac/dolphin/changeset/15282
Patch
http://www.boonex.com/trac/dolphin/changeset/15283
Patch
Exploit
http://www.boonex.com/trac/dolphin/ticket/2530
Patch
http://www.openwall.com/lists/oss-security/2012/02/20/11
Exploit
http://www.openwall.com/lists/oss-security/2012/02/20/6
Exploit
http://www.securityfocus.com/bid/52088
Exploit
http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss
Exploit