CVE-2012-3830

Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/81637
http://secunia.com/advisories/48931	Vendor Advisory
http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags
http://www.securityfocus.com/bid/53332	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/75333
https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83	Exploit Patch
https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9	Exploit Patch
http://osvdb.org/81637
http://secunia.com/advisories/48931	Vendor Advisory
http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags
http://www.securityfocus.com/bid/53332	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/75333
https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83	Exploit Patch
https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9	Exploit Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:milesj:decoda::::::::
	cpe:2.3:a:milesj:decoda:2.2:::::::*
	cpe:2.3:a:milesj:decoda:2.3:::::::*
	cpe:2.3:a:milesj:decoda:2.4:::::::*
	cpe:2.3:a:milesj:decoda:2.5:::::::*
	cpe:2.3:a:milesj:decoda:2.6:::::::*
	cpe:2.3:a:milesj:decoda:2.7:::::::*
	cpe:2.3:a:milesj:decoda:2.8:::::::*
	cpe:2.3:a:milesj:decoda:2.9:::::::*
	cpe:2.3:a:milesj:decoda:3.0:::::::*
	cpe:2.3:a:milesj:decoda:3.1:::::::*
	cpe:2.3:a:milesj:decoda:3.2:::::::*
	cpe:2.3:a:milesj:decoda:3.3:::::::*

History

21 Nov 2024, 01:41

Type	Values Removed	Values Added
References	~~() http://osvdb.org/81637 -~~	() http://osvdb.org/81637 -
References	~~() http://secunia.com/advisories/48931 - Vendor Advisory~~	() http://secunia.com/advisories/48931 - Vendor Advisory
References	~~() http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags -~~	() http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags -
References	~~() http://www.securityfocus.com/bid/53332 - Exploit~~	() http://www.securityfocus.com/bid/53332 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/75333 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/75333 -
References	~~() https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83 - Exploit, Patch~~	() https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83 - Exploit, Patch
References	~~() https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9 - Exploit, Patch~~	() https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9 - Exploit, Patch

Information

Published : 2012-07-03 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-3830

Mitre link : CVE-2012-3830

CVE.ORG link : CVE-2012-3830

JSON object : View

Products Affected

milesj

decoda

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10