Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ulli Horlacher | Fex | <= 20111129 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html
- http://fex.rus.uni-stuttgart.de/fex.htmlPatch
- http://osvdb.org/79420
- http://secunia.com/advisories/47971Vendor Advisory
- http://www.debian.org/security/2012/dsa-2414
- http://www.openwall.com/lists/oss-security/2012/02/20/1Exploit
- http://www.openwall.com/lists/oss-security/2012/02/20/8
- http://www.openwall.com/lists/oss-security/2012/02/23/2
- http://www.securityfocus.com/bid/52085
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html
- http://fex.rus.uni-stuttgart.de/fex.htmlPatch
- http://osvdb.org/79420
- http://secunia.com/advisories/47971Vendor Advisory
FAQ
What is CVE-2012-1293?
CVE-2012-1293 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to o...
How severe is CVE-2012-1293?
CVE-2012-1293 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1293?
Check the references section above for vendor advisories and patch information. Affected products include: Ulli Horlacher Fex.