CVE-2012-6430

{"id": "CVE-2012-6430", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-03-24T16:43:01.910", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0035.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/89119", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/89120", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51769", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51813", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81169", "source": "cve@mitre.org"}, {"url": "https://www.htbridge.com/advisory/HTB23135", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140."}, {"lang": "es", "value": "Vulnerabilidad de XSS en Open Solution Quick.Cms 5.0 y Quick.Cart 6.0, posiblemente descargado antes del 19 de diciembre del 2012, permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del PATH_INFO hacia admin.php. NOTA: Esto podr\u00eda ser un duplicado de CVE-2008-4140."}], "lastModified": "2017-08-29T01:32:56.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensolution:quick_cart:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F807E7-5792-484A-8AE1-7BECE15F0442"}, {"criteria": "cpe:2.3:a:opensolution:quick_cms:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A1208A7-9F74-4198-8282-948F7C3B4CF2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}