Vulnerability Name: CVE-2012-1262 (CCN-73480)

Assigned: 2012-02-24
Published: 2012-02-24
Updated: 2018-01-18
Summary: Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2012-1262

Source: JVN
Type: UNKNOWN
JVN#49836527

Source: JVNDB
Type: UNKNOWN
JVNDB-2012-000016

Source: CCN
Type: Movable Type Web site
Publishing Platform

Source: OSVDB
Type: UNKNOWN
79470

Source: CCN
Type: Packetstorm Security Website
Movable Type Publishing Platform Cross Site Scripting

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html

Source: FULLDISC
Type: UNKNOWN
20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform

Source: DEBIAN
Type: UNKNOWN
DSA-2423

Source: DEBIAN
Type: DSA-2423
movabletype-opensource -- several vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.movabletype.org/documentation/appendices/release-notes/513.html

Source: CCN
Type: OSVDB ID: 79470
Movable Type /cgi-bin/mt/mt-wizard.cgi dbuser Parameter XSS

Source: BID
Type: UNKNOWN
52138

Source: CCN
Type: BID-52138
Movable Type Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1026738

Source: XF
Type: UNKNOWN
movable-type-mtwizard-xss(73411)

Source: XF
Type: UNKNOWN
movable-type-publishing-mtwizard-xss(73480)

Source: MISC
Type: Exploit
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:movabletype:movable_type_open_source:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_open_source:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.051:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:movabletype:movable_type_enterprise:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_enterprise:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.051:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:movabletype:movable_type_advanced:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_advanced:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.051:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:movabletype:movable_type_pro:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_pro:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.051:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:14661 | P | DSA-2423-1 movabletype-opensource -- several | 2014-06-23
oval:com.ubuntu.precise:def:20121262000 | V | CVE-2012-1262 on Ubuntu 12.04 LTS (precise) - medium. | 2012-03-02
oval:com.ubuntu.trusty:def:20121262000 | V | CVE-2012-1262 on Ubuntu 14.04 LTS (trusty) - medium. | 2012-03-02