CVE-2012-2575

{"id": "CVE-2012-2575", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-09-17T14:55:00.813", "references": [{"url": "http://www.exploit-db.com/exploits/20363/", "tags": ["Exploit"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en NetWin SurgeMail v6.0a4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del atributo SRC de un elemento IFRAME en el cuerpo de un mensaje de correo electr\u00f3nico."}], "lastModified": "2012-09-18T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netwin:surgemail:6.0:a4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9D9FC1C-B907-4FEC-8FC4-7CAFDAB072AF"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}