CVE-2012-4262

Hccgmbh Mycare2x - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/18844

View Code ZIP pw:eip

References (11)

[Exploit] http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html

[Exploit] http://www.exploit-db.com/exploits/18844

[Exploit] http://www.securityfocus.com/bid/53392

[Various Sources] http://www.vulnerability-lab.com/get_content.php?id=524

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75391

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75392

[Third Party Advisory, VDB Entry] http://www.osvdb.org/81687

[Third Party Advisory, VDB Entry] http://www.osvdb.org/81688

[Third Party Advisory, VDB Entry] http://www.osvdb.org/81689

[Third Party Advisory, VDB Entry] http://www.osvdb.org/81690

[Third Party Advisory] http://secunia.com/advisories/49029

Scores

EPSS 0.1064

EPSS Percentile 93.2%

Classification

CWE

CWE-79

Status published

Affected Products (2)

hccgmbh/mycare2x

n/a/n/a

Timeline

Published Aug 13, 2012

Tracked Since Feb 18, 2026