ID

VAR-201202-0271


CVE

CVE-2012-1084


TITLE

Cross-site scripting vulnerability in the BE User Switch extension for TYPO3

Trust: 0.8

sources: JVNDB: JVNDB-2012-001466

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. BE User Switch 0.0.1 is vulnerable; other versions may be affected. TYPO3, one of the leading brands of open source Content Management Systems (CMS) and Content Management Frameworks (CMF) based on PHP and MySQL databases, is a powerful open source solution

Trust: 1.98

sources: NVD: CVE-2012-1084 // JVNDB: JVNDB-2012-001466 // BID: 51852 // VULHUB: VHN-54365

AFFECTED PRODUCTS

vendor: typo3, model: beuserswitch, scope: eq, version: 0.0.1

Trust: 1.6

vendor: be user switch, model: be user switch, scope: eq, version: 0.0.1

Trust: 0.8

vendor: typo3, model: be user switch, scope: eq, version: 0.0.1

Trust: 0.3

sources: BID: 51852 // JVNDB: JVNDB-2012-001466 // CNNVD: CNNVD-201202-264 // NVD: CVE-2012-1084

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1084
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1084
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-264
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54365
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1084
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54365
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54365 // JVNDB: JVNDB-2012-001466 // CNNVD: CNNVD-201202-264 // NVD: CVE-2012-1084

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-54365 // JVNDB: JVNDB-2012-001466 // NVD: CVE-2012-1084

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-264

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201202-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001466

PATCH

title: TYPO3-EXT-SA-2012-001, url: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/

Trust: 0.8

sources: JVNDB: JVNDB-2012-001466

EXTERNAL IDS

db: NVD, id: CVE-2012-1084

Trust: 2.5

db: BID, id: 51852

Trust: 2.0

db: OSVDB, id: 78798

Trust: 1.7

db: JVNDB, id: JVNDB-2012-001466

Trust: 0.8

db: CNNVD, id: CNNVD-201202-264

Trust: 0.7

db: VULHUB, id: VHN-54365

Trust: 0.1

sources: VULHUB: VHN-54365 // BID: 51852 // JVNDB: JVNDB-2012-001466 // CNNVD: CNNVD-201202-264 // NVD: CVE-2012-1084

REFERENCES

url: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/

Trust: 2.0

url: http://www.securityfocus.com/bid/51852

Trust: 1.7

url: http://osvdb.org/78798

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/72974

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1084

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1084

Trust: 0.8

url: http://typo3.com/

Trust: 0.3

sources: VULHUB: VHN-54365 // BID: 51852 // JVNDB: JVNDB-2012-001466 // CNNVD: CNNVD-201202-264 // NVD: CVE-2012-1084

CREDITS

Helmut Hummel

Trust: 0.3

sources: BID: 51852

SOURCES

db: VULHUB, id: VHN-54365
db: BID, id: 51852
db: JVNDB, id: JVNDB-2012-001466
db: CNNVD, id: CNNVD-201202-264
db: NVD, id: CVE-2012-1084

LAST UPDATE DATE

2024-11-23T21:56:01.663000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-54365, date: 2017-08-29T00:00:00
db: BID, id: 51852, date: 2012-02-02T00:00:00
db: JVNDB, id: JVNDB-2012-001466, date: 2012-02-17T00:00:00
db: CNNVD, id: CNNVD-201202-264, date: 2012-02-15T00:00:00
db: NVD, id: CVE-2012-1084, date: 2024-11-21T01:36:22.757

SOURCES RELEASE DATE

db: VULHUB, id: VHN-54365, date: 2012-02-14T00:00:00
db: BID, id: 51852, date: 2012-02-02T00:00:00
db: JVNDB, id: JVNDB-2012-001466, date: 2012-02-17T00:00:00
db: CNNVD, id: CNNVD-201202-264, date: 2012-02-15T00:00:00
db: NVD, id: CVE-2012-1084, date: 2012-02-14T17:55:03.507