CVE-2012-4950

Pattern Insight 2.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages.

References (5)

[US Government Resource] http://www.kb.cert.org/vuls/id/802596

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/79787

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56381

[Third Party Advisory, VDB Entry] http://osvdb.org/87053

[Third Party Advisory] http://secunia.com/advisories/51203

Scores

EPSS 0.0286

EPSS Percentile 86.1%

Details

CWE

CWE-79

Status published

Products (2)

patterninsight/pattern_insight

n/a/n/a

Published Nov 18, 2012

Tracked Since Feb 18, 2026