Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Otterware | Statit | 4.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/files/108340/statit4-xss.txt (Exploit)
- http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html (Exploit)
- http://www.securityfocus.com/bid/51280 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72139
FAQ
What is CVE-2012-5341?
CVE-2012-5341 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show paramete...
How severe is CVE-2012-5341?
CVE-2012-5341 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5341?
Check the references section above for vendor advisories and patch information. Affected products include: Otterware Statit.