Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hccgmbh | Mycare2X | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQExploit
- http://secunia.com/advisories/49029
- http://www.exploit-db.com/exploits/18844Exploit
- http://www.osvdb.org/81687
- http://www.osvdb.org/81688
- http://www.osvdb.org/81689
- http://www.osvdb.org/81690
- http://www.securityfocus.com/bid/53392Exploit
- http://www.vulnerability-lab.com/get_content.php?id=524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75391
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75392
- http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQExploit
- http://secunia.com/advisories/49029
- http://www.exploit-db.com/exploits/18844Exploit
- http://www.osvdb.org/81687
FAQ
What is CVE-2012-4262?
CVE-2012-4262 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden...
How severe is CVE-2012-4262?
CVE-2012-4262 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4262?
Check the references section above for vendor advisories and patch information. Affected products include: Hccgmbh Mycare2X.