ID

VAR-190001-0578


TITLE

RabbitWiki \342\200\230title\342\200\231 parameter cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-9080

DESCRIPTION

RabbitWiki has a cross-site scripting vulnerability. The vulnerability stems from the insufficient filtering of data provided to users. An attacker could exploit the vulnerability to execute arbitrary script code in an uninformed user's browser within the context of the affected site, stealing a cookie-based authentication certificate and performing other attacks. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. cookie Certificate to perform other attacks

Trust: 0.99

sources: CNVD: CNVD-2012-9080 // BID: 51971 // IVD: a0667e68-1f74-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080

AFFECTED PRODUCTS

vendor:rabbitwikimodel:rabbitwikiscope: - version: -

Trust: 0.6

vendor:rabbitwikimodel: - scope:eqversion:*

Trust: 0.4

vendor:rabbitwikimodel:rabbitwikiscope:eqversion:0

Trust: 0.3

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080 // BID: 51971

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2012-9080
value: MEDIUM

Trust: 0.6

IVD: a0667e68-1f74-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2012-9080
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a0667e68-1f74-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-209

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201202-209

EXTERNAL IDS

db:BIDid:51971

Trust: 1.5

db:CNVDid:CNVD-2012-9080

Trust: 0.8

db:CNNVDid:CNNVD-201202-209

Trust: 0.6

db:IVDid:A0667E68-1F74-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: a0667e68-1f74-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9080 // BID: 51971 // CNNVD: CNNVD-201202-209

REFERENCES

url:http://www.securityfocus.com/bid/51971

Trust: 1.2

url:http://st2tea.blogspot.com/2012/02/rabbitwiki-cross-site-scripting.html

Trust: 0.3

url:http://www.rustyspigot.com/webmasters/s/rabbitwiki/

Trust: 0.3

sources: CNVD: CNVD-2012-9080 // BID: 51971 // CNNVD: CNNVD-201202-209

CREDITS

Sony

Trust: 0.9

sources: BID: 51971 // CNNVD: CNNVD-201202-209

SOURCES

db:IVDid:a0667e68-1f74-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-9080
db:BIDid:51971
db:CNNVDid:CNNVD-201202-209

LAST UPDATE DATE

2022-05-17T01:57:30.619000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-9080date:2012-02-14T00:00:00
db:BIDid:51971date:2012-02-10T00:00:00
db:CNNVDid:CNNVD-201202-209date:2012-02-14T00:00:00

SOURCES RELEASE DATE

db:IVDid:a0667e68-1f74-11e6-abef-000c29c66e3ddate:2012-02-14T00:00:00
db:CNVDid:CNVD-2012-9080date:2012-02-14T00:00:00
db:BIDid:51971date:2012-02-10T00:00:00
db:CNNVDid:CNNVD-201202-209date:1900-01-01T00:00:00