CVE-2012-1600 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Opensuse
Phppgadmin Project	Phppgadmin

Configuration 1 [-]

OR	cpe:2.3:a:phppgadmin_project:phppgadmin::::::::
	cpe:2.3:a:phppgadmin_project:phppgadmin:5.0:::::::*
	cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.1:::::::*
	cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
http://secunia.com/advisories/48574
http://sourceforge.net/p/phppgadmin/mailman/message/28783470/
http://www.openwall.com/lists/oss-security/2012/03/28/11
http://www.openwall.com/lists/oss-security/2012/03/29/6
http://www.openwall.com/lists/oss-security/2012/03/30/7
http://www.osvdb.org/80870
http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com
http://www.securityfocus.com/bid/52761
https://bugzilla.redhat.com/show_bug.cgi?id=808439
https://exchange.xforce.ibmcloud.com/vulnerabilities/74440
https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00
https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-05-14T00:00:00

Updated: 2024-08-06T19:01:02.830Z

Reserved: 2012-03-12T00:00:00

Link: CVE-2012-1600

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-05-14T00:55:06.587

Modified: 2024-11-21T01:37:17.070

Link: CVE-2012-1600

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-03T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-03T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "52761", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52761"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com"}, {"name": "openSUSE-SU-2012:0493", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"}, {"name": "[oss-security] 20120328 Re: CVE request: phppgadmin before 5.0.4 XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0"}, {"name": "[oss-security] 20120330 Re: CVE request: phppgadmin before 5.0.4 XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/7"}, {"name": "48574", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48574"}, {"tags": ["x_refsource_MISC"], "url": "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/"}, {"name": "phppgadmin-function-xss(74440)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74440"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808439"}, {"name": "[oss-security] 20120328 CVE request: phppgadmin before 5.0.4 XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/11"}, {"name": "80870", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/80870"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.830Z"}, "title": "CVE Program Container", "references": [{"name": "52761", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52761"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com"}, {"name": "openSUSE-SU-2012:0493", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"}, {"name": "[oss-security] 20120328 Re: CVE request: phppgadmin before 5.0.4 XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0"}, {"name": "[oss-security] 20120330 Re: CVE request: phppgadmin before 5.0.4 XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/7"}, {"name": "48574", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48574"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/"}, {"name": "phppgadmin-function-xss(74440)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74440"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808439"}, {"name": "[oss-security] 20120328 CVE request: phppgadmin before 5.0.4 XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/11"}, {"name": "80870", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/80870"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1600", "datePublished": "2014-05-14T00:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.830Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phppgadmin_project:phppgadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE528CD-0F2D-4E86-8544-AFBEDF2F921A", "versionEndIncluding": "5.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgadmin_project:phppgadmin:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "196B6B12-3392-43CC-9CF2-AE5F02202224", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "97CAC6C6-6D5C-4565-B7DD-8CC8E87840CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57A68D4B-DC8B-4D79-9557-B52A3C2BB084", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en functions.php en phpPgAdmin anterior a 5.0.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del (1) nombre o (2) tipo de una funci\u00f3n."}], "id": "CVE-2012-1600", "lastModified": "2024-11-21T01:37:17.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-05-14T00:55:06.587", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48574"}, {"source": "secalert@redhat.com", "url": "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/11"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/7"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/80870"}, {"source": "secalert@redhat.com", "url": "http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52761"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808439"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74440"}, {"source": "secalert@redhat.com", "url": "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00"}, {"source": "secalert@redhat.com", "url": "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/80870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}