CVE-2012-5316

{"id": "CVE-2012-5316", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-10-08T17:55:01.293", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51599", "source": "cve@mitre.org"}, {"url": "http://www.vulnerability-lab.com/get_content.php?id=28", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/51599", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vulnerability-lab.com/get_content.php?id=28", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Barracuda Spam & Virus Firewall 600 Firmware v4.0.1.009 y anteriores permite a atacantes remotos autenticados inyectar secuencias de comandos web o HTML mediante (1) Troubleshosting en el Trace route Device o (2) LDAP Username en el m\u00f3dulo de configuraci\u00f3n de LDAP"}], "lastModified": "2024-11-21T01:44:28.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:barracudanetworks:spam_\\&_virus_firewall_600_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3A5966D-E84E-4AB8-A06A-383002EA49E7", "versionEndIncluding": "4.0.1.009"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:barracudanetworks:spam_\\&_virus_firewall_600:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9EDC527-64EE-44D4-9927-9400FBC8A4DC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}