Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sphinx-Soft | Mobile Web Server | 3.1.2.47 |
Related Weaknesses (CWE)
References
- http://secpod.org/blog/?p=453
- http://secunia.com/advisories/47876 (Vendor Advisory)
- http://www.securityfocus.com/bid/51820
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72913
FAQ
What is CVE-2012-1005?
CVE-2012-1005 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as ...
How severe is CVE-2012-1005?
CVE-2012-1005 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-1005?
Check the references section above for vendor advisories and patch information. Affected products include: Sphinx-Soft Mobile Web Server.