CVE-2012-2209

{"id": "CVE-2012-2209", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-08-14T22:55:01.847", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://piwigo.org/bugs/view.php?id=2607", "source": "cve@mitre.org"}, {"url": "http://piwigo.org/forum/viewtopic.php?id=19173", "source": "cve@mitre.org"}, {"url": "http://piwigo.org/releases/2.3.4", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48903", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/18782", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/53245", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75186", "source": "cve@mitre.org"}, {"url": "https://www.htbridge.com/advisory/HTB23085", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en admin.php en Piwigo antes de v2.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro 'section' en el m\u00f3dulo de configuraci\u00f3n, (2) el par\u00e1metro InstallStatus en el m\u00f3dulo languages_new, o (3) el par\u00e1metro 'theme' en el m\u00f3dulo 'theme'.\r\n"}], "lastModified": "2017-08-29T01:31:34.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9FA2940-9F57-469B-BFEE-5499A87C4394", "versionEndIncluding": "2.3.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}