Vulnerability Details CVE-2012-1020
Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://marc.info/?l=full-disclosure&m=132852645911072&w=2
- http://secunia.com/advisories/47897
- http://www.securityfocus.com/bid/51876
- http://www.vulnerability-lab.com/get_content.php?id=304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73001
- http://marc.info/?l=full-disclosure&m=132852645911072&w=2
- http://secunia.com/advisories/47897
- http://www.securityfocus.com/bid/51876
- http://www.vulnerability-lab.com/get_content.php?id=304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73001
Products affected by CVE-2012-1020
-
cpe:2.3:a:overseaswtc:nexorone_online_banking_system:-