CVE-2012-4950

{"id": "CVE-2012-4950", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-11-18T21:55:01.197", "references": [{"url": "http://osvdb.org/87053", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/51203", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/802596", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/56381", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79787", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la p\u00e1gina de b\u00fasqueda de palabras clave en la interfaz web de Pattern Insight v2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de caracteres modificados que no se gestionan correctamente durante la construcci\u00f3n de los mensajes de error."}], "lastModified": "2017-08-29T01:32:26.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:patterninsight:pattern_insight:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5193A710-0AEB-48F6-A49B-78F91A433ACA"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}