4.3

CVE-2012-1470

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OcportalOcportal Version <= 7.1.5
OcportalOcportal Version4.0
OcportalOcportal Version4.0.1
OcportalOcportal Version4.0.2
OcportalOcportal Version4.0.3
OcportalOcportal Version4.0.4
OcportalOcportal Version4.0.5
OcportalOcportal Version4.1
OcportalOcportal Version4.1.1
OcportalOcportal Version4.1.2
OcportalOcportal Version4.1.3
OcportalOcportal Version4.1.4
OcportalOcportal Version4.1.5
OcportalOcportal Version4.1.6
OcportalOcportal Version4.1.8
OcportalOcportal Version4.1.9
OcportalOcportal Version4.1.10
OcportalOcportal Version4.1.11
OcportalOcportal Version4.1.12
OcportalOcportal Version4.1.13
OcportalOcportal Version4.2
OcportalOcportal Version4.2 Updatebeta1
OcportalOcportal Version4.2 Updatebeta2
OcportalOcportal Version4.2 Updaterc1
OcportalOcportal Version4.2 Updaterc2
OcportalOcportal Version4.2 Updaterc3
OcportalOcportal Version4.2.1
OcportalOcportal Version4.2.2
OcportalOcportal Version4.3
OcportalOcportal Version4.3 Updaterc1
OcportalOcportal Version4.3 Updaterc2
OcportalOcportal Version4.3 Updaterc3
OcportalOcportal Version4.3.1
OcportalOcportal Version4.3.2
OcportalOcportal Version5.0
OcportalOcportal Version5.0 Updaterc1
OcportalOcportal Version5.0.1
OcportalOcportal Version5.0.2
OcportalOcportal Version5.0.2 Updatebeta1
OcportalOcportal Version5.0.3
OcportalOcportal Version5.1 Updatebeta1
OcportalOcportal Version6.0
OcportalOcportal Version6.0 Updatebeta1
OcportalOcportal Version6.0 Updatebeta2
OcportalOcportal Version6.0 Updaterc1
OcportalOcportal Version6.0 Updaterc2
OcportalOcportal Version6.0 Updaterc3
OcportalOcportal Version6.0.1
OcportalOcportal Version6.0.2
OcportalOcportal Version6.0.3
OcportalOcportal Version6.1
OcportalOcportal Version6.1.1
OcportalOcportal Version6.2 Updaterc1
OcportalOcportal Version7.0
OcportalOcportal Version7.0.1
OcportalOcportal Version7.1
OcportalOcportal Version7.1 Updatebeta1
OcportalOcportal Version7.1.1
OcportalOcportal Version7.1.2
OcportalOcportal Version7.1.3
OcportalOcportal Version7.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.739
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm
http://ocportal.com/site/news/view/ocportal-security-update.htm
Patch
Vendor Advisory
https://www.htbridge.com/advisory/HTB23078
Exploit