CVE-2012-0869
Description
Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 20120215-1 |
| debian | bullseye | fixed | 20120215-1 |
| debian | sid | fixed | 20120215-1 |
| debian | trixie | fixed | 20120215-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ulli_horlacher | fex | up to and including 20120207 | |
| ulli_horlacher | fex | 2011205 | |
| ulli_horlacher | fex | 20100208 | |
| ulli_horlacher | fex | 20110609 | |
| ulli_horlacher | fex | 20110610 | |
| ulli_horlacher | fex | 20110614 | |
| ulli_horlacher | fex | 20110615 | |
| ulli_horlacher | fex | 20110616 | |
| ulli_horlacher | fex | 20110621 | |
| ulli_horlacher | fex | 20110622 | |
| ulli_horlacher | fex | 20110627 | |
| ulli_horlacher | fex | 20110630 | |
| ulli_horlacher | fex | 20110701 | |
| ulli_horlacher | fex | 20110714 | |
| ulli_horlacher | fex | 20110716 | |
| ulli_horlacher | fex | 20110722 | |
| ulli_horlacher | fex | 20110726 | |
| ulli_horlacher | fex | 20110727 | |
| ulli_horlacher | fex | 20110730 | |
| ulli_horlacher | fex | 20110731 | |
| ulli_horlacher | fex | 20110803 | |
| ulli_horlacher | fex | 20110807 | |
| ulli_horlacher | fex | 20110808 | |
| ulli_horlacher | fex | 20110809 | |
| ulli_horlacher | fex | 20110810 | |
| ulli_horlacher | fex | 20110811 | |
| ulli_horlacher | fex | 20110813 | |
| ulli_horlacher | fex | 20110826 | |
| ulli_horlacher | fex | 20110829 | |
| ulli_horlacher | fex | 20110830 | |
| ulli_horlacher | fex | 20110901 | |
| ulli_horlacher | fex | 20110905 | |
| ulli_horlacher | fex | 20110906 | |
| ulli_horlacher | fex | 20110907 | |
| ulli_horlacher | fex | 20110919 | |
| ulli_horlacher | fex | 20110920 | |
| ulli_horlacher | fex | 20110921 | |
| ulli_horlacher | fex | 20110930 | |
| ulli_horlacher | fex | 20111003 | |
| ulli_horlacher | fex | 20111005 | |
| ulli_horlacher | fex | 20111013 | |
| ulli_horlacher | fex | 20111028 | |
| ulli_horlacher | fex | 20111102 | |
| ulli_horlacher | fex | 20111108 | |
| ulli_horlacher | fex | 20111115 | |
| ulli_horlacher | fex | 20111129 | |
| ulli_horlacher | fex | 20111230 | |
| ulli_horlacher | fex | 20111231 | |
| ulli_horlacher | fex | 20120102 | |
| ulli_horlacher | fex | 20120106 | |
| ulli_horlacher | fex | 20120117 | |
| ulli_horlacher | fex | 20120125 | |
| ulli_horlacher | fex | 20120201 | |
| ulli_horlacher | fex | 20120202 | |
| ulli_horlacher | fex | 20120203 | |
| ulli_horlacher | fex | 20120204 | |
| ulli_horlacher | fex | 20120301 | |
| ulli_horlacher | fex | 20120305 | |
| ulli_horlacher | fex | 20120404 | |
| ulli_horlacher | fex | 20120406 | |
| ulli_horlacher | fex | 20120407 | |
| ulli_horlacher | fex | 20120426 | |
| ulli_horlacher | fex | 20120502 | |
| ulli_horlacher | fex | 20120504 | |
| ulli_horlacher | fex | 20120601 | |
| ulli_horlacher | fex | 20120605 | |
| ulli_horlacher | fex | 20120606 | |
| ulli_horlacher | fex | 20120621 | |
| ulli_horlacher | fex | 20120701 | |
| ulli_horlacher | fex | 20120702 | |
| ulli_horlacher | fex | 20120705 | |
| ulli_horlacher | fex | 20120709 | |
| ulli_horlacher | fex | 20120710 | |
| ulli_horlacher | fex | 20120711 | |
| ulli_horlacher | fex | 20120718 | |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html
- http://fex.rus.uni-stuttgart.de/fex.html
- http://osvdb.org/79420
- http://secunia.com/advisories/47971
- http://www.debian.org/security/2012/dsa-2414
- http://www.openwall.com/lists/oss-security/2012/02/20/1
- http://www.openwall.com/lists/oss-security/2012/02/20/8
- http://www.openwall.com/lists/oss-security/2012/02/23/2
- http://www.securityfocus.com/bid/52085
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78966
- https://security-tracker.debian.org/tracker/CVE-2012-0869
CWEs
CWE-79