CVE-2012-2586

{"id": "CVE-2012-2586", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-09-19T10:57:02.077", "references": [{"url": "http://www.exploit-db.com/exploits/20353/", "tags": ["Exploit"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mailtraq v2.17.3.3150, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del asunto en un mensaje de correo electr\u00f3nico con:(1) uso de la funci\u00f3n Alert de JavaScrip junto al m\u00e9todo fromCharCode o (2) un elemento SCRIPT; un cuerpo de e.mail con (3) un atributo SRC manipulado en un elemento IFRAME, (4) un dato: URL en el atributo CONTENT de un elemento HTTP-EQUIV=\"refresh\" META, o (5) una propiedad expression en una hoja CSS (Cascading Style Sheets) en el atributo STYLE de una elemento IMG; o una cabecera Date en un mensaje de correo electr\u00f3nico con (6) una funci\u00f3n alert de JavaScriptjunto al m\u00e9todo fromCharCode, (7) un elemento SCRIPT, (8) una propiedad expression de CSS en el atributo STYLE de un elemento arbitrario, (9) un atributo SRC modificado en una elemento IFRAME, o (10) una dato URL en el atributo CONTENT de un elemento TTP-EQUIV=\"refresh\" META."}], "lastModified": "2012-10-26T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mailtraq:mailtraq:2.17.3.3150:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35C98DB7-9929-444B-8C38-9E14BCF9A8AE"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}