FKIE_CVE-2013-1466

Vulnerability from fkie_nvd - Published: 2014-02-05 15:10 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html
cve@mitre.orghttp://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html
cve@mitre.orghttp://secunia.com/advisories/52255Vendor Advisory
cve@mitre.orghttp://www.exploit-db.com/exploits/24536
cve@mitre.orghttp://www.glfusion.org/article.php/glf122_update_20130130_01Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/82211
cve@mitre.orghttps://www.htbridge.com/advisory/HTB23142
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/52255Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/24536
af854a3a-2127-422b-91ae-364da2661108http://www.glfusion.org/article.php/glf122_update_20130130_01Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/82211
af854a3a-2127-422b-91ae-364da2661108https://www.htbridge.com/advisory/HTB23142
Impacted products
Vendor Product Version
glfusion glfusion *
glfusion glfusion 1.0.0
glfusion glfusion 1.0.0
glfusion glfusion 1.0.0
glfusion glfusion 1.0.1
glfusion glfusion 1.0.2
glfusion glfusion 1.1.0
glfusion glfusion 1.1.0
glfusion glfusion 1.1.1
glfusion glfusion 1.1.2
glfusion glfusion 1.1.3
glfusion glfusion 1.1.4
glfusion glfusion 1.1.4.pl1
glfusion glfusion 1.1.4.pl2
glfusion glfusion 1.1.4.pl3
glfusion glfusion 1.1.4.pl4
glfusion glfusion 1.1.5
glfusion glfusion 1.1.5.pl1
glfusion glfusion 1.1.5.pl2
glfusion glfusion 1.1.5.pl3
glfusion glfusion 1.1.6
glfusion glfusion 1.1.6.pl1
glfusion glfusion 1.1.6.pl2
glfusion glfusion 1.1.6.pl3
glfusion glfusion 1.1.6.pl4
glfusion glfusion 1.1.7
glfusion glfusion 1.1.8
glfusion glfusion 1.1.8.pl1
glfusion glfusion 1.1.8.pl2
glfusion glfusion 1.1.8.pl3
glfusion glfusion 1.1.8.pl4
glfusion glfusion 1.1.8.pl5
glfusion glfusion 1.1.8.pl6
glfusion glfusion 1.2.0
glfusion glfusion 1.2.0.pl1
glfusion glfusion 1.2.0.pl2
glfusion glfusion 1.2.0.pl3
glfusion glfusion 1.2.0.pl4
glfusion glfusion 1.2.0.pl5
glfusion glfusion 1.2.0.pl6
glfusion glfusion 1.2.0.pl7
glfusion glfusion 1.2.2
glfusion glfusion 1.2.2.pl1
glfusion glfusion 1.2.2.pl2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD92F979-758E-48EB-B6D7-F838531F7E16",
              "versionEndIncluding": "1.2.2.pl3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "798B4747-978F-46D2-8EF1-76D8BC0872F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E3D0B5AC-35D8-4900-B2F8-95D661E880CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6694E-7ED1-45F4-94D7-D5CD9AA6D801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D711131E-314B-4BBE-9E6F-973C154694B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A24202-EB12-4428-A327-97504EB460B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80EE971-44CA-478F-88CB-A13CBDD628CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "51D13EE5-3B44-4AB3-86CD-01E9488DFBF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6941B9D9-5EA0-4954-89E8-350B4EE8E35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "028947C2-71A3-4FBF-BBCD-BA7CF0098E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E7BB830-42C3-4A2A-AF2B-283669BE5A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D786A2AB-45C0-49B5-9F0D-97FCCC57BF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A78CD4-81C7-43D0-AF55-70D6764CB28B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "549C3BC2-63D2-42FA-8984-EB128307207E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B08E87-DCB7-4C2C-BDF8-668662B6EE58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.4.pl4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F545F2-284A-4408-B14B-B1465E176EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A9987A-0F8E-4C39-8E97-ED3AD9406DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE0FE37-5B63-4223-96C6-29BE6E4E2A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C1674FB-3745-4BF7-B5F3-31A4CB215FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.5.pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB7FC4C-DB19-4481-85F5-BC5D5350F763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06C07C1-B8E4-4D97-8FD3-17F2B06F2D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9593FFEB-AD09-41EC-950D-5031C7C0AD5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD289399-93D2-4CA9-8F47-9CE988C01EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6529D3F-8BF1-4786-8A2A-EEA5333EF6BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.6.pl4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB63EE52-AC26-4EEF-B1A9-7646B775A047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA0CD3-E34F-49B0-BE66-C1E8FBAE3BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "082CF717-6FA4-4D22-9B76-AF5B93D8560D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121594F2-E714-4E49-AAF4-7514F1B87646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7841881-DAE5-46A1-AFC5-5FD39F562BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AB990C-8001-4806-A738-4A64590C6C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA21F45F-6E49-4318-99BE-DFB1558B8B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl5:*:*:*:*:*:*:*",
              "matchCriteriaId": "059CD172-ADE1-4FCB-8D84-298BA42619A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.1.8.pl6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F870B42-E57D-4F60-A23E-06F047BCB4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "690C9C93-BB9F-47A5-9A35-B74A6880EAA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9249610A-71BB-48A2-BCCD-C1E29F3AD0B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "746D9173-90F4-4E82-B6D3-7C21A87FE2FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD719B97-ED18-40A9-A3A5-81078F262F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAE38F5-BB94-442D-8705-DE4E90F9157F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl5:*:*:*:*:*:*:*",
              "matchCriteriaId": "87ED44C1-8CEE-4B19-90D2-0DE6C84C5CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9032E4DB-C006-4518-89C0-3A2308E1E377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.0.pl7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8614BDE0-BF9C-4E76-B2B2-76816D615697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "149A1A90-65A5-4BF1-A2A6-C5915E0A834B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2.pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA5F3981-D478-4D94-8925-C3E7C97F25BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glfusion:glfusion:1.2.2.pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85324AE-C3BE-4864-8212-E2823AFA6E2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en glFusion anterior a 1.2.2.pl4 permite a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s de (1) par\u00e1metros sujetos a profiles.php; par\u00e1metros (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, o (9) zipcode hacia calendar/index.php; par\u00e1metros (10) title o (11) url hacia links/index.php; o (12) PATH_INFO hacia admin/plugins/mediagallery/xppubwiz.php/."
    }
  ],
  "id": "CVE-2013-1466",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-02-05T15:10:01.550",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52255"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/24536"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.glfusion.org/article.php/glf122_update_20130130_01"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.htbridge.com/advisory/HTB23142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/24536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.glfusion.org/article.php/glf122_update_20130130_01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.htbridge.com/advisory/HTB23142"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.