Vulnerability Description
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensolution | Quick.Cart | 6.0 |
| Opensolution | Quick Cms | 5.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0035.html (Exploit)
- http://osvdb.org/89119
- http://osvdb.org/89120
- http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-S (Exploit)
- http://secunia.com/advisories/51769 (Vendor Advisory)
- http://secunia.com/advisories/51813 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81169
- https://www.htbridge.com/advisory/HTB23135 (Exploit)
FAQ
What is CVE-2012-6430?
CVE-2012-6430 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or H...
How severe is CVE-2012-6430?
CVE-2012-6430 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6430?
Check the references section above for vendor advisories and patch information. Affected products include: Opensolution Quick.Cart, Opensolution Quick Cms.