PT-2012-5290 · Mycare2X · Mycare2X

Benjamin Kunz Mejri

+1

·

Publicado

2012-08-13

·

Atualizado

2017-08-29

·

CVE-2012-4262

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions myCare2x (affected versions not specified)
Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters to various PHP files. The affected parameters include name last, name first, name middle, and name maiden in 'mycare pid.php', favorites and lang in 'mycare ward print.php', aktion and callurl in 'mycare2x pat info.php', and ln in 'mycare2x proc search.php'.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2012-4262

Produtos afetados

Mycare2X