CVE-2012-0309
published 2012-01-13CVE-2012-0309: Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.34%
67.8th percentile
Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cogentdatahub | cascade_datahub | <= 6.4.20 | — |
| cogentdatahub | cogent_datahub | <= 7.1.2 | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | opc_datahub | <= 6.4.20 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pp5j-pvr2-fpqj: Cross-site scripting (XSS) vulnerability in Cogent DataHub 7
ghsa_unreviewed·2022-05-04
CVE-2012-0309 [MEDIUM] CWE-79 GHSA-pp5j-pvr2-fpqj: Cross-site scripting (XSS) vulnerability in Cogent DataHub 7
Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CISA ICS
Cogent DataHub XSS and CRLF
cisa_ics·2013-04-17
Cogent DataHub XSS and CRLF
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Cogent DataHub XSS and CRLF
Last RevisedApril 17, 2013
Alert CodeICSA-12-016-01
## Overview
ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Times Systems Inc. has produced a patch that resolves these vulnerabilities.
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. re
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://jvn.jp/en/jp/JVN12983784/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000001http://secunia.com/advisories/47496http://secunia.com/advisories/47525http://www.cogentdatahub.com/ReleaseNotes.htmlhttp://www.securityfocus.com/bid/51375http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/72305http://jvn.jp/en/jp/JVN12983784/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000001http://secunia.com/advisories/47496http://secunia.com/advisories/47525http://www.cogentdatahub.com/ReleaseNotes.htmlhttp://www.securityfocus.com/bid/51375http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/72305
2012-01-13
Published