SecuritySpace - CVE-2012-1004

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2012-1004

Description: Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.

Test IDs: 1.3.6.1.4.1.25623.1.0.140204 1.3.6.1.4.1.25623.1.0.71369

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-1004
http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html
http://secunia.com/advisories/47849

CVE ID:	CVE-2012-1004
Description:	Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.
Test IDs:	1.3.6.1.4.1.25623.1.0.140204 1.3.6.1.4.1.25623.1.0.71369
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1004 http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html http://secunia.com/advisories/47849