CVE-2012-1979

Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.

Published: Apr 17, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1979
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
syndeocms / syndeocms	2.8.02	2.8.02.x
syndeocms / syndeocms	2.4	2.4.x
syndeocms / syndeocms	2.8.1	2.8.1.x
syndeocms / syndeocms	2.5.01	2.5.01.x
syndeocms / syndeocms	2.6.00	2.6.00.x
syndeocms / syndeocms	2.5.00	2.5.00.x
syndeocms / syndeocms	-	3.0.01.x
syndeocms / syndeocms	2.9.00	2.9.00.x
syndeocms / syndeocms	2.7.00	2.7.00.x
syndeocms / syndeocms	2.8.00	2.8.00.x
syndeocms / syndeocms	2.4.10	2.4.10.x
syndeocms / syndeocms	3.0.00	3.0.00.x

http://osvdb.org/80746
http://packetstormsecurity.org/files/111405/SyndeoCMS-3.0.01-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18686/
http://www.securityfocus.com/bid/52840
http://www.webapp-security.com/wp-content/uploads/2012/03/syndeocms_3.0.01-Persistent-XSS.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/74545

Vulnerability Database

CVE-2012-1979