CVE-2012-1575 – cumin: multiple XSS flaws

https://notcve.org/view.php?id=CVE-2012-1575

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cumin antes de r5238, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores que incluyen (1) widgets o (2) pages. • http://rhn.redhat.com/errata/RHSA-2012-0476.html http://rhn.redhat.com/errata/RHSA-2012-0477.html http://secunia.com/advisories/48810 http://secunia.com/advisories/48829 http://www.securityfocus.com/bid/53000 http://www.securitytracker.com/id?1026921 https://bugzilla.redhat.com/attachment.cgi?id=571986 https://bugzilla.redhat.com/show_bug.cgi?id=805712 https://exchange.xforce.ibmcloud.com/vulnerabilities/74844 https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •