CVE-2012-6040
published 2012-11-26
CVE-2012-6040: Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML…
Priority P418 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.61% (73.0th percentile)
Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| convergine | file_king_advanced_file_management | — | — |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.4 | 2.19-0ubuntu6.4 |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 5.0 · MEDIUM
GHSA
GHSA-vf6x-wgx6-9fxg: Cross-site scripting (XSS) vulnerability in users
ghsa_unreviewed·2022-05-17
CVE-2012-6040 [MEDIUM] CWE-79 GHSA-vf6x-wgx6-9fxg: Cross-site scripting (XSS) vulnerability in users
Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
OSV
eglibc, glibc vulnerabilities
osv·2014-12-03·CVSS 5.0
CVE-2012-6656 eglibc, glibc vulnerabilities
Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled
certain multibyte characters when using the iconv function. An attacker
could possibly use this issue to cause applications to crash, resulting in
a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu
12.04 LTS. (CVE-2012-6656)
Adhemerval Zanella Netto discovered that the GNU C Library incorrectly
handled certain multibyte characters when using the iconv function. An
attacker could possibly use this issue to cause applications to crash,
resulting in a denial of service. (CVE-2014-6040)
Tim Waugh discovered that the GNU C Library incorrectly enforced the
WRDE_NOCMD flag when handling the wordexp function. An attacker could
possibly use this issue to execute arbitrary
http://packetstormsecurity.org/files/view/108466/afm134-xss.txt
http://www.securityfocus.com/bid/51339
https://exchange.xforce.ibmcloud.com/vulnerabilities/72275
Published: 2012-11-26