CVE-2012-1410 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kadu	Kadu

Configuration 1 [-]

OR	cpe:2.3:a:kadu:kadu:0.9.0:::::::*
	cpe:2.3:a:kadu:kadu:0.10.0:::::::*
	cpe:2.3:a:kadu:kadu:0.11.0:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2012/02/27/26
http://www.openwall.com/lists/oss-security/2012/02/27/3	Patch
https://bugzilla.novell.com/show_bug.cgi?id=749036	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=797777	Patch
https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6	Patch
https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0	Patch
https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84	Exploit Patch
https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52	Exploit Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:25

Updated: 2022-10-03T16:15:25

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-1410

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-02-29T11:55:05.940

Modified: 2012-02-29T11:55:05.940

Link: CVE-2012-1410

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036"}, {"name": "[oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26"}, {"name": "[oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1410", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52"}, {"name": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6"}, {"name": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0"}, {"name": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84", "refsource": "CONFIRM", "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=749036", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036"}, {"name": "[oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26"}, {"name": "[oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=797777", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1410", "datePublished": "2022-10-03T16:15:25", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kadu:kadu:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACD4C191-EE4C-49D9-A917-0CC79DB36964", "vulnerable": true}, {"criteria": "cpe:2.3:a:kadu:kadu:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC5DFCE1-B547-49C4-85E8-E97D79660A56", "vulnerable": true}, {"criteria": "cpe:2.3:a:kadu:kadu:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C06543E-715B-4E46-8484-D46BE4F0D46B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la implementaci\u00f3n de History Window en Kadu v0.9.0 hasta 0.11.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) mensaje SMS (2) mensaje de presencia o (3) descripci\u00f3n de estado manipulados."}], "id": "CVE-2012-1410", "lastModified": "2012-02-29T11:55:05.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-02-29T11:55:05.940", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}