CVE-2012-1575: XSS
First published: Wed Mar 21 2012(Updated: )
A number of XSS flaws were reported in Cumin. These flaws could be used by a remote attacker to inject arbitrary web script on a web page displayed by Cumin. To solve the problem, xml_escape() (as defined in wooly/python/wooly/util.py, a simple wrapper around xml.sax.saxutils.escape()) is called on any values that are displayed on a web page and originate outside of Cumin, or through a form submitted by a user. Many of these have been corrected upstream in r5238 [1]. [1] <a href="https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html">https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trevor McKay Cumin | <=r5237 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=571986
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=571986&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=571987
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=571987&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=571988
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=571988&action=edit
- https://rhn.redhat.com/errata/RHSA-2012-0477.html
- https://rhn.redhat.com/errata/RHSA-2012-0476.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=812066
- https://bugzilla.redhat.com/show_bug.cgi?id=805712
- http://rhn.redhat.com/errata/RHSA-2012-0476.html
- http://rhn.redhat.com/errata/RHSA-2012-0477.html
- http://secunia.com/advisories/48810
- http://secunia.com/advisories/48829
- http://www.securityfocus.com/bid/53000
- http://www.securitytracker.com/id?1026921
- https://bugzilla.redhat.com/attachment.cgi?id=571986
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74844
Frequently Asked Questions
What is the severity of CVE-2012-1575?
CVE-2012-1575 is classified as a medium-severity vulnerability due to its potential for Cross-Site Scripting (XSS) attacks.
How do I fix CVE-2012-1575?
To fix CVE-2012-1575, ensure that the xml_escape() function is implemented properly in the Cumin application to mitigate XSS risks.
What type of vulnerability is CVE-2012-1575?
CVE-2012-1575 is an XSS (Cross-Site Scripting) vulnerability that allows remote attackers to inject arbitrary web scripts.
Which software versions are affected by CVE-2012-1575?
CVE-2012-1575 affects Cumin versions up to and including r5237.
Can CVE-2012-1575 be exploited remotely?
Yes, CVE-2012-1575 can be exploited remotely by attackers to execute scripts in the context of affected users.
- collector/redhat-bugzilla
- alias/CVE-2012-1575
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/event
- agent/references
- agent/description
- agent/author
- agent/severity
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trevor mckay
- canonical/trevor mckay cumin
- version/trevor mckay cumin/r5237