CVE-2013-1466

CVSS V2 Medium 4.3 CVSS V3 None
Description
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
Overview
  • CVE ID
  • CVE-2013-1466
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2014-02-05T15:10:01
  • Last Modified Date
  • 2017-08-29T01:33:09
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:glfusion:glfusion:*:*:*:*:*:*:*:* 1 OR 1.2.2.pl3
cpe:2.3:a:glfusion:glfusion:1.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.0.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.0.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.4.pl1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.4.pl2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.4.pl3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.4.pl4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.5.pl1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.5.pl2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.5.pl3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.6.pl1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.6.pl2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.6.pl3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.6.pl4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.8.pl1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.8.pl2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.8.pl3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.8.pl4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.8.pl5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.1.8.pl6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0.pl1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0.pl2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0.pl3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0.pl4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0.pl5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0.pl6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.0.pl7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.2.pl1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glfusion:glfusion:1.2.2.pl2:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
History
Created Old Value New Value Data Type Notes
2022-05-10 08:46:54 Added to TrackCVE
2022-12-01 21:47:08 2014-02-05T15:10Z 2014-02-05T15:10:01 CVE Published Date updated
2022-12-01 21:47:08 2017-08-29T01:33:09 CVE Modified Date updated
2022-12-01 21:47:08 Modified Vulnerability Status updated