Vulnerability CVE-2012-2151

Vulnerability Name:

CVE-2012-2151 (CCN-75104)

Assigned:

2012-04-23

Published:

2012-04-23

Updated:

2017-08-29

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Spip-en
New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables

Source: MLIST
Type: UNKNOWN
[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables

Source: MITRE
Type: CNA
CVE-2012-2151

Source: CCN
Type: SA48939
SPIP Unspecified Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
48939

Source: DEBIAN
Type: UNKNOWN
DSA-2461

Source: DEBIAN
Type: DSA-2461
spip -- several vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS

Source: MLIST
Type: UNKNOWN
[oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS

Source: OSVDB
Type: UNKNOWN
81473

Source: CCN
Type: OSVDB ID: 81473
SPIP Multiple Unspecified XSS

Source: BID
Type: UNKNOWN
53216

Source: CCN
Type: BID-53216
SPIP Multiple Unspecified Cross Site Scripting Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1026970

Source: CCN
Type: SPIP Web Site
SPIP

Source: XF
Type: UNKNOWN
spip-unspecified-xss(75104)

Source: XF
Type: UNKNOWN
spip-unspecified-xss(75104)

Vulnerable Configuration:

Configuration 1:

cpe:/a:spip:spip:1.9:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:1.9.1:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:1.9.2:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.0:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:spip:spip:2.0:rc1:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.0:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:1.9.2d:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:1.9.2:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:1.9.2g:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.0.7:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:1.9.2h:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.0.9:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1.8:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1.11:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1.12:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1.9:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.1.10:*:*:*:*:*:*:*

OR cpe:/a:spip:spip:2.0.14:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:18470	P	DSA-2461-1 spip - several	2014-06-23
oval:com.ubuntu.precise:def:20122151000	V	CVE-2012-2151 on Ubuntu 12.04 LTS (precise) - medium.	2012-08-14

BACK