CVE-2012-1880
published 2012-06-12CVE-2012-1880: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a…
PriorityP354critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
24.05%
97.6th percentile
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
ghsa4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
ghsa·2022-05-17·CVSS 4.3
CVE-2013-1880 [MEDIUM] CWE-79 Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
GHSA
GHSA-v3vw-x3rj-h727: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessi
ghsa_unreviewed·2022-05-13
CVE-2012-1880 [HIGH] CWE-94 GHSA-v3vw-x3rj-h727: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessi
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
Red Hat
ActiveMQ: XSS vulnerability in portfolioPublish demo application
vendor_redhat·2013-03-21·CVSS 4.3
CVE-2013-1880 [MEDIUM] CWE-79 ActiveMQ: XSS vulnerability in portfolioPublish demo application
ActiveMQ: XSS vulnerability in portfolioPublish demo application
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
Package: activemq (OpenShift Enterprise 1) - Not affected
No detection rules found.
No public exploits indexed.
http://www.us-cert.gov/cas/techalerts/TA12-164A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14975http://www.us-cert.gov/cas/techalerts/TA12-164A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14975
2012-06-12
Published