CVE-2012-2638

SmallPICT <2.7 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Vendor Advisory] http://wap2.jp/download/spict/

[Third Party Advisory] http://jvn.jp/en/jp/JVN36993373/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2012-000060

Scores

EPSS 0.0030

EPSS Percentile 52.7%

Classification

CWE

CWE-79

Status published

Affected Products (2)

wap2/smallpict < 2.6

n/a/n/a

Timeline

Published Jun 19, 2012

Tracked Since Feb 18, 2026