CVE-2012-2683Cross-site Scripting in Mckay Cumin

CWE-79Cross-site ScriptingCWE-611XML External Entity (XXE) InjectionCWE-776XML Entity Expansion8 documents6 sources
Severity
4.3MEDIUMNVD
GHSA5.0
EPSS
0.5%
top 35.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trevor Mckay CuminRedhat Enterprise MRG
Timeline
PublishedSep 28
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDtrevor_mckay/cumin0.1.5192-4+19

🔴Vulnerability Details

3
GHSA
Several Zend Products Vulnerable to XXE and XEE attacks2022-05-14
GHSA
GHSA-rgxg-4v48-cv79: Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 02022-05-13
CVEList
CVE-2012-2683: Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 02012-09-28

📋Vendor Advisories

1
Red Hat
cumin: multiple XSS flaws2012-09-19

💬Community

3
Bugzilla
CVE-2011-4970 lcgdm: multiple SQL injection vulnerabilities2013-03-12
Bugzilla
CVE-2012-2680 CVE-2012-2681 CVE-2012-2683 CVE-2012-2684 CVE-2012-2685 CVE-2012-2734 CVE-2012-2735 CVE-2012-3459 cumin various flaws [fedora-all]2012-09-19
Bugzilla
CVE-2012-2683 cumin: multiple XSS flaws2012-06-08
CVE-2012-2683 — Cross-site Scripting in Mckay Cumin | cvebase