CVE-2012-0899
Published 2012-01-20
CVE-2012-0899: Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML…
Priority P4 · 18 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.59% (72.7th percentile)
Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter.
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 2.6 · LOW
GHSA
GHSA-j2rg-f9wv-hrc6: Cross-site scripting (XSS) vulnerability in referencement/sites_inscription
ghsa_unreviewed·2022-05-17
CVE-2012-0899 [MEDIUM] CWE-79 GHSA-j2rg-f9wv-hrc6: Cross-site scripting (XSS) vulnerability in referencement/sites_inscription
Red Hat
(slapd): Assertion failure by processing search queries requesting only attributes for particular entry
vendor_redhat·2012-01-29·CVSS 2.6
CVE-2012-1164 [LOW] (slapd): Assertion failure by processing search queries requesting only attributes for particular entry
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Statement: This issue did not affect openldap as shipped with Red Hat Enterprise Linux 5 as it did not contain the relevant assertion. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0899.html
Package: openldap (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.org/files/view/108719/annuaire-xss.txt
http://www.securityfocus.com/bid/51434
https://exchange.xforce.ibmcloud.com/vulnerabilities/72407
Published: 2012-01-20