PT-2012-3164 · Kent Web+1 · Kent-Web Web Mart+1

Isayama Takayoshi

Published

2012-05-15

Updated

2017-12-05

CVE-2012-1247

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions KENT-WEB WEB MART versions 1.7 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions when Internet Explorer is used.

Recommendations For versions 1.7 and earlier, update to a version that does not support CSS expressions in Internet Explorer or disable the use of CSS expressions to mitigate the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2012-1247

Affected Products

Internet Explorer

Kent-Web Web Mart

PT-2012-3164 · Kent Web+1 · Kent-Web Web Mart+1

CVE-2012-1247

Weakness Enumeration

Related Identifiers

Affected Products

References · 6