CVE-2012-1110 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Datemill	Etano

Configuration 1 [-]

cpe:2.3:a:datemill:etano:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-03/0013.html
http://secunia.com/advisories/48165
http://www.openwall.com/lists/oss-security/2012/03/05/15
http://www.openwall.com/lists/oss-security/2012/03/05/21
http://www.osvdb.org/79827
http://www.osvdb.org/79828
http://www.osvdb.org/79829
http://www.osvdb.org/79830
http://www.securityfocus.com/bid/52295
http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss
https://exchange.xforce.ibmcloud.com/vulnerabilities/73669

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-06T18:00:00

Updated: 2024-08-06T18:45:27.408Z

Reserved: 2012-02-14T00:00:00

Link: CVE-2012-1110

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-09-06T18:55:01.097

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1110

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "79827", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/79827"}, {"name": "48165", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48165"}, {"name": "79828", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/79828"}, {"name": "79829", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/79829"}, {"name": "etano-multiple-xss(73669)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73669"}, {"name": "52295", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52295"}, {"name": "20120305 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0013.html"}, {"name": "79830", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/79830"}, {"name": "[oss-security] 20120305 Re: Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/21"}, {"name": "[oss-security] 20120306 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/15"}, {"tags": ["x_refsource_MISC"], "url": "http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1110", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "79827", "refsource": "OSVDB", "url": "http://www.osvdb.org/79827"}, {"name": "48165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48165"}, {"name": "79828", "refsource": "OSVDB", "url": "http://www.osvdb.org/79828"}, {"name": "79829", "refsource": "OSVDB", "url": "http://www.osvdb.org/79829"}, {"name": "etano-multiple-xss(73669)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73669"}, {"name": "52295", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52295"}, {"name": "20120305 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0013.html"}, {"name": "79830", "refsource": "OSVDB", "url": "http://www.osvdb.org/79830"}, {"name": "[oss-security] 20120305 Re: Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/05/21"}, {"name": "[oss-security] 20120306 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/05/15"}, {"name": "http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss", "refsource": "MISC", "url": "http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:27.408Z"}, "title": "CVE Program Container", "references": [{"name": "79827", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/79827"}, {"name": "48165", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48165"}, {"name": "79828", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/79828"}, {"name": "79829", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/79829"}, {"name": "etano-multiple-xss(73669)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73669"}, {"name": "52295", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52295"}, {"name": "20120305 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0013.html"}, {"name": "79830", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/79830"}, {"name": "[oss-security] 20120305 Re: Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/21"}, {"name": "[oss-security] 20120306 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/15"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1110", "datePublished": "2012-09-06T18:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.408Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:datemill:etano:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC5899A2-1FD1-4949-970D-4E31D14BFC7C", "versionEndIncluding": "1.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Etano v1.22 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del usuario (1), (2) correo electr\u00f3nico, (3) Email2, (4) f17_zip, o (5) par\u00e1metro de acuerdo a join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) b\u00fasqueda, o (15) v para search.php; (16) PATH_INFO o (17) st par\u00e1metro para photo_search.php, o (18) para par\u00e1metro de retorno photo_view.php."}], "id": "CVE-2012-1110", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-09-06T18:55:01.097", "references": [{"source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0013.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48165"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/05/15"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/05/21"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/79827"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/79828"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/79829"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/79830"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52295"}, {"source": "secalert@redhat.com", "url": "http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/05/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/05/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/79827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/79828"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/79829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/79830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73669"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}