CVE-2012-2563: XSS
First published: Sat Jun 09 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web script or HTML via vectors involving administrative menu functions.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bloxx Web Filtering | <=5.0.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-2563?
CVE-2012-2563 has a medium severity score due to multiple cross-site scripting vulnerabilities.
How do I fix CVE-2012-2563?
To fix CVE-2012-2563, upgrade Bloxx Web Filtering to version 5.0.14 or later.
What software is affected by CVE-2012-2563?
CVE-2012-2563 affects Bloxx Web Filtering versions prior to 5.0.14.
Can CVE-2012-2563 be exploited remotely?
Yes, CVE-2012-2563 can be exploited remotely by attackers injecting arbitrary web scripts through web traffic.
Who can exploit CVE-2012-2563?
Both remote attackers and authenticated administrators can exploit CVE-2012-2563 to inject malicious content.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/bloxx
- canonical/bloxx web filtering
- version/bloxx web filtering/5.0.13