Vulnerability Details CVE-2012-3830
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/81637
- http://secunia.com/advisories/48931
- http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags
- http://www.securityfocus.com/bid/53332
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75333
- https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83
- https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9
- http://osvdb.org/81637
- http://secunia.com/advisories/48931
- http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags
- http://www.securityfocus.com/bid/53332
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75333
- https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83
- https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9
Products affected by CVE-2012-3830
-
cpe:2.3:a:milesj:decoda:2.2
-
cpe:2.3:a:milesj:decoda:2.3
-
cpe:2.3:a:milesj:decoda:2.4
-
cpe:2.3:a:milesj:decoda:2.5
-
cpe:2.3:a:milesj:decoda:2.6
-
cpe:2.3:a:milesj:decoda:2.7
-
cpe:2.3:a:milesj:decoda:2.8
-
cpe:2.3:a:milesj:decoda:2.9
-
cpe:2.3:a:milesj:decoda:3.0
-
cpe:2.3:a:milesj:decoda:3.1
-
cpe:2.3:a:milesj:decoda:3.2
-
cpe:2.3:a:milesj:decoda:3.3
-
cpe:2.3:a:milesj:decoda:3.3.1