CVE-2012-2436
Summary
| CVE | CVE-2012-2436 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-05-27 20:55:00 UTC |
| Updated | 2017-08-29 01:31:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pligg | Pligg Cms | All | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc1 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc2 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc3 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc4 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc5 | All | All |
| Application | Pligg | Pligg Cms | 1.0.1 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.2 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.3 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.4 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.0 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.2 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.3 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.4 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.5 | All | All | All |
| Application | Pligg | Pligg Cms | 1.2.0 | All | All | All |
| Application | Pligg | Pligg Cms | 9.5 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9.0 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9.0 | beta | All | All |
| Application | Pligg | Pligg Cms | 9.9.5 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9.5 | beta | All | All |
| Application | Pligg | Pligg Cms | All | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc1 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc2 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc3 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc4 | All | All |
| Application | Pligg | Pligg Cms | 1.0.0 | rc5 | All | All |
| Application | Pligg | Pligg Cms | 1.0.1 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.2 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.3 | All | All | All |
| Application | Pligg | Pligg Cms | 1.0.4 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.0 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.2 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.3 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.4 | All | All | All |
| Application | Pligg | Pligg Cms | 1.1.5 | All | All | All |
| Application | Pligg | Pligg Cms | 1.2.0 | All | All | All |
| Application | Pligg | Pligg Cms | 9.5 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9.0 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9.0 | beta | All | All |
| Application | Pligg | Pligg Cms | 9.9.5 | All | All | All |
| Application | Pligg | Pligg Cms | 9.9.5 | beta | All | All |
| Application | Pligg | Pligg Cms | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 404 Not Found | CONFIRM | pligg.svn.sourceforge.net | |
| 404 Not Found | CONFIRM | pligg.svn.sourceforge.net | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| 404 Not Found | CONFIRM | pligg.svn.sourceforge.net | |
| Pligg CMS 1.2.2 - Downloads - Pligg Forum | CONFIRM | forums.pligg.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| File Not Found | MISC | www.htbridge.com | |
| Computer Security Research - Secunia | MISC | secunia.com | Vendor Advisory |
| Pligg CMS Multiple SQL Injection and Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | |
| 404 Not Found | CONFIRM | pligg.svn.sourceforge.net | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| Pligg CMS CVE-2012-2436 Multiple Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.