fkie_nvd - fkie_cve-2012-6561

fkie_cve-2012-6561

Vulnerability from fkie_nvd

Published

2013-05-23 15:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.

References

URL	Tags
cve@mitre.org	http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released	Patch, Vendor Advisory
cve@mitre.org	http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip	Patch
cve@mitre.org	http://secunia.com/advisories/49129	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/53623
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/75756
af854a3a-2127-422b-91ae-364da2661108	http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49129	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53623
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75756

Impacted products

Vendor	Product	Version
elgg	elgg	*
elgg	elgg	1.7.0
elgg	elgg	1.7.1
elgg	elgg	1.7.2
elgg	elgg	1.7.3
elgg	elgg	1.7.4
elgg	elgg	1.7.5
elgg	elgg	1.7.6
elgg	elgg	1.7.7
elgg	elgg	1.7.8
elgg	elgg	1.7.9
elgg	elgg	1.7.10
elgg	elgg	1.7.11
elgg	elgg	1.7.12
elgg	elgg	1.7.13
elgg	elgg	1.7.14
elgg	elgg	1.7.15
elgg	elgg	1.7.16
elgg	elgg	1.7.17
elgg	elgg	1.7.18
elgg	elgg	1.8.0.1
elgg	elgg	1.8.1
elgg	elgg	1.8.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elgg:elgg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF23055F-E32F-47ED-9B11-B8F58518ED32",
              "versionEndIncluding": "1.8.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C80BB5F-1E77-4202-A4D3-3D96FA0969ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D07839A-E8E3-4C7C-9A05-C359FF9A2819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34DCD3E-7A8D-4A97-838A-D5A0159068EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "663F1815-EAF8-40A3-BAC8-29E359245972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BFE9E2-F931-4197-97CA-5D58FBB763B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "779523EE-7B82-4E10-ABC5-A64D9C0EDBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7816C52C-5360-4987-8975-9C9C9EFCACBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AB456D-F688-4E0C-920E-E70C3351A463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDD08B0-FA37-4E81-BD79-8107F8EA5EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0658B074-66D8-410C-AB08-BC6C7A79B2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D49A2-A15A-41A8-A3C3-801F608E7345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7D1917-81AB-46C4-9176-6961A0FBCA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EC5E77-D90E-451F-BB00-20DBEBDD6FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6383A2DA-20C8-484B-854A-D4A885D1E50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7509A5-1413-4BAD-93C7-92EE464BCFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1729E9B0-AE66-49FA-A74F-8C0622DE0962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2079FBBD-1802-4AC8-B40C-F543D03D8A1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF01033-1BE8-45FC-B631-31E65BC8E6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9BCD0C-C890-470A-B185-97301A58712F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6869E5FD-652D-4927-A21B-F530996DFD91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19B1613-CF87-4219-82CD-DA84FEB68F4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elgg:elgg:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C39479E6-2E23-403E-B2CE-FA169C821EE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en engine/lib/views.php en Elgg antes de v1.8.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro a fin de index.php. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2012-6561",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-05-23T15:55:02.423",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53623"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-6561 (GCVE-0-2012-6561)

Vulnerability from cvelistv5

Published

2013-05-23 15:00