fkie_nvd - fkie_cve-2012-1252

fkie_cve-2012-1252

Vulnerability from fkie_nvd

Published

2012-06-04 15:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760.

References

	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN77947437/index.html
	vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000048
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN77947437/index.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000048

Impacted products

Vendor	Product	Version
rssowl	rssowl	*
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0
rssowl	rssowl	2.0.1
rssowl	rssowl	2.0.2
rssowl	rssowl	2.0.3
rssowl	rssowl	2.0.4
rssowl	rssowl	2.0.5
rssowl	rssowl	2.0.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2102ADB2-5178-4A26-B4A7-B66DDDF30761",
              "versionEndIncluding": "2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC24EDB-568B-447C-8097-DB5629ECFA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:milestone5a:*:*:*:*:*:*",
              "matchCriteriaId": "E654D0AD-C3AC-4641-8392-D3775063C2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "98BD32B1-253B-4BFC-82B6-6F9C2E5820B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2B26D26A-8DD4-423D-935C-DB448F8EC8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "F9156280-4471-4AED-93F3-DA7297490FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:milestone8a:*:*:*:*:*:*",
              "matchCriteriaId": "6E2A5A63-20E1-465A-B51D-C6F2670A6AE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "52E003D0-9FA5-4AA8-BFD6-6240A60A1C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22DDD678-0383-4FB4-BDA0-E1F44ED18E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8B1AABE8-10F8-4B99-89A7-DF4EC98B8705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3B662F3A-4CE8-4D79-B4F2-32DECC625138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76750014-72D9-419D-86D9-F76E2030B59C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "305507EC-CBFD-42BC-8B21-C5F4CD0F5347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A804794-C3FF-47C3-90FD-C3BFD29665CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B667B59-6CDE-4081-818F-0F4CBA87C97C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0734FBAC-B2AA-4D5F-9BAF-B19B63782D86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rssowl:rssowl:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A813FA7B-951E-4F0B-9963-25F697D9E6B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en RSSOwl anteriores a v2.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un fedd, es una vulnerabilidad distinta a CVE-2006-4760."
    }
  ],
  "id": "CVE-2012-1252",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-04T15:55:01.790",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN77947437/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN77947437/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000048"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-1252 (GCVE-0-2012-1252)

Vulnerability from cvelistv5

Published

2012-06-04 15:00