Details of VAR-190001-0578

ID

VAR-190001-0578

TITLE

RabbitWiki \342\200\230title\342\200\231 parameter cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-9080

DESCRIPTION

RabbitWiki has a cross-site scripting vulnerability. The vulnerability stems from the insufficient filtering of data provided to users. An attacker could exploit the vulnerability to execute arbitrary script code in an uninformed user's browser within the context of the affected site, stealing a cookie-based authentication certificate and performing other attacks. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. cookie Certificate to perform other attacks

Trust: 0.99

sources: CNVD: CNVD-2012-9080 // BID: 51971 // IVD: a0667e68-1f74-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080

AFFECTED PRODUCTS

vendor:	rabbitwiki	model:	rabbitwiki	scope:	-	version:	-	Trust: 0.6
vendor:	rabbitwiki	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	rabbitwiki	model:	rabbitwiki	scope:	eq	version:	0	Trust: 0.3

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080 // BID: 51971

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2012-9080
value:	MEDIUM
Trust: 0.6
IVD:	a0667e68-1f74-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2012-9080
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a0667e68-1f74-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-209

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201202-209

EXTERNAL IDS

db:	BID	id:	51971	Trust: 1.5
db:	CNVD	id:	CNVD-2012-9080	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-209	Trust: 0.6
db:	IVD	id:	A0667E68-1F74-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080 // BID: 51971 // CNNVD: CNNVD-201202-209

REFERENCES

url:	http://www.securityfocus.com/bid/51971	Trust: 1.2
url:	http://st2tea.blogspot.com/2012/02/rabbitwiki-cross-site-scripting.html	Trust: 0.3
url:	http://www.rustyspigot.com/webmasters/s/rabbitwiki/	Trust: 0.3

sources: CNVD: CNVD-2012-9080 // BID: 51971 // CNNVD: CNNVD-201202-209

CREDITS

Sony

Trust: 0.9

sources: BID: 51971 // CNNVD: CNNVD-201202-209

SOURCES

db:	IVD	id:	a0667e68-1f74-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-9080
db:	BID	id:	51971
db:	CNNVD	id:	CNNVD-201202-209

LAST UPDATE DATE

2022-05-17T01:57:30.619000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-9080	date:	2012-02-14T00:00:00
db:	BID	id:	51971	date:	2012-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201202-209	date:	2012-02-14T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	a0667e68-1f74-11e6-abef-000c29c66e3d	date:	2012-02-14T00:00:00
db:	CNVD	id:	CNVD-2012-9080	date:	2012-02-14T00:00:00
db:	BID	id:	51971	date:	2012-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201202-209	date:	1900-01-01T00:00:00