Vulnerability Description
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Syndeocms | Syndeocms | <= 3.0.01 |
Related Weaknesses (CWE)
References
- http://osvdb.org/80746
- http://packetstormsecurity.org/files/111405/SyndeoCMS-3.0.01-Cross-Site-Scriptin
- http://www.exploit-db.com/exploits/18686/Exploit
- http://www.securityfocus.com/bid/52840
- http://www.webapp-security.com/wp-content/uploads/2012/03/syndeocms_3.0.01-PersiExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74545
FAQ
What is CVE-2012-1979?
CVE-2012-1979 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Emai...
How severe is CVE-2012-1979?
CVE-2012-1979 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1979?
Check the references section above for vendor advisories and patch information. Affected products include: Syndeocms Syndeocms.