Vulnerability-Lookup

CVE-2012-5531 (GCVE-0-2012-5531)

Vulnerability from cvelistv5 – Published: 2013-01-18 11:00 – Updated: 2024-08-06 21:05

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

RHSA-2013:0141

Vulnerability from csaf_redhat - Published: 2013-01-07 23:31 - Updated: 2025-11-21 17:41

Summary

Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update

Notes

Topic

An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. Multiple reflected cross-site scripting (XSS) flaws were found in GateIn Portal. If a remote attacker could trick a user, who was logged into the GateIn Portal interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's GateIn Portal session. (CVE-2012-5531) Red Hat would like to thank Hideharu Ohkuma of Ricoh Company for reporting these issues. Warning: Before applying this update, back up all applications deployed on JBoss Enterprise Portal Platform, along with all customized configuration files, and any databases and database settings. All users of JBoss Enterprise Portal Platform 5.2.2 as provided from the Red Hat Customer Portal are advised to install this update.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the GateIn Portal component in JBoss Enterprise Portal\nPlatform 5.2.2 that fixes multiple security issues is now available from\nthe Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise Portal Platform is the open source implementation of the\nJava EE suite of services and Portal services running atop JBoss Enterprise\nApplication Platform. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience.\n\nMultiple reflected cross-site scripting (XSS) flaws were found in GateIn\nPortal. If a remote attacker could trick a user, who was logged into the\nGateIn Portal interface, into visiting a specially-crafted URL, it would\nlead to arbitrary web script execution in the context of the user\u0027s GateIn\nPortal session. (CVE-2012-5531)\n\nRed Hat would like to thank Hideharu Ohkuma of Ricoh Company for reporting\nthese issues.\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Enterprise Portal Platform, along with all customized configuration\nfiles, and any databases and database settings.\n\nAll users of JBoss Enterprise Portal Platform 5.2.2 as provided from the\nRed Hat Customer Portal are advised to install this update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0141",
        "url": "https://access.redhat.com/errata/RHSA-2013:0141"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=securityPatches\u0026version=5.2.2",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=securityPatches\u0026version=5.2.2"
      },
      {
        "category": "external",
        "summary": "877234",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877234"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0141.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:41:49+00:00",
      "generator": {
        "date": "2025-11-21T17:41:49+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2013:0141",
      "initial_release_date": "2013-01-07T23:31:00+00:00",
      "revision_history": [
        {
          "date": "2013-01-07T23:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-01-07T23:35:42+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:41:49+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Portal 5.2",
                "product": {
                  "name": "Red Hat JBoss Portal 5.2",
                  "product_id": "Red Hat JBoss Portal 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Middleware"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Hideharu Ohkuma"
          ],
          "organization": "Ricoh Company"
        }
      ],
      "cve": "CVE-2012-5531",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2012-11-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "877234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Portal: Reflected Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Portal 5.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-5531"
        },
        {
          "category": "external",
          "summary": "RHBZ#877234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-5531"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5531",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5531"
        }
      ],
      "release_date": "2013-01-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-07T23:31:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.\n\nNote that it is recommended to halt the JBoss Enterprise Portal Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise Portal Platform server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss Portal 5.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0141"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Portal 5.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Portal: Reflected Cross-Site Scripting (XSS)"
    }
  ]
}

FKIE_CVE-2012-5531

Vulnerability from fkie_nvd - Published: 2013-01-18 11:48 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0141.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/51775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0141.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51775	Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	jboss_enterprise_portal_platform	5.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el portal GateIn en JBoss Enterprise Portal Platform v5.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-5531",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-18T11:48:39.900",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0141.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51775"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F38P-9G9F-CRCV

Vulnerability from github – Published: 2022-05-17 05:16 – Updated: 2022-05-17 05:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-5531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-01-18T11:48:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-f38p-9g9f-crcv",
  "modified": "2022-05-17T05:16:56Z",
  "published": "2022-05-17T05:16:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5531"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0141.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51775"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-5531

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-5531

Aliases

CVE-2012-5531

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-5531",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2012-5531",
    "references": [
      "https://access.redhat.com/errata/RHSA-2013:0141"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-5531"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2012-5531",
      "modified": "2023-12-13T01:20:19.164255Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-5531",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-0141.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0141.html"
          },
          {
            "name": "http://secunia.com/advisories/51775",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/51775"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-5531"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2013:0141",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0141.html"
            },
            {
              "name": "51775",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/51775"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-01-18T11:48Z",
      "publishedDate": "2013-01-18T11:48Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-5531 (GCVE-0-2012-5531)

RHSA-2013:0141

FKIE_CVE-2012-5531

GHSA-F38P-9G9F-CRCV

GSD-2012-5531

Tags

Sightings

Nomenclature