Search criteria
3 vulnerabilities found for puppet_dashboard by puppet
FKIE_CVE-2012-0891
Vulnerability from fkie_nvd - Published: 2014-03-14 16:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://puppetlabs.com/security/cve/cve-2012-0891 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://puppetlabs.com/security/cve/cve-2012-0891 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | puppet_dashboard | 1.0.0 | |
| puppet | puppet_dashboard | 1.0.3 | |
| puppet | puppet_dashboard | 1.0.4 | |
| puppet | puppet_dashboard | 1.1.0 | |
| puppet | puppet_dashboard | 1.1.1 | |
| puppet | puppet_dashboard | 1.2.0 | |
| puppet | puppet_dashboard | 1.2.1 | |
| puppet | puppet_dashboard | 1.2.2 | |
| puppet | puppet_dashboard | 1.2.3 | |
| puppet | puppet_dashboard | 1.2.4 | |
| puppet | puppet_enterprise | 1.0 | |
| puppet | puppet_enterprise | 1.1 | |
| puppet | puppet_enterprise | 1.2.0 | |
| puppet | puppet_enterprise | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68EBEE5C-A39B-4F8E-A005-11327D639C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E85933FC-0433-45FB-A7D6-E3298B947E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE296ACD-1869-45E5-88AB-DEFB47C55989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6036A3DB-95E6-4EF9-B45F-C483D0D6D4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6FA405-C453-4008-9DFC-A46AFA5C6D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B6A088-F3D5-44B5-9469-CBAE8715B13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6016EF1-335F-4042-ACFD-9B518217D448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73176F23-F996-454F-9123-96FC9392C1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86584240-8AB6-4ABC-94BB-037D37A74AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_dashboard:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F17DBFE-D13E-4AF0-9F93-918BE2BE649F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "926CFE0B-57A0-42EE-8B84-5C53C94F552E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54836761-86C0-4240-8A43-D6DECC2BBBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A584D14-197E-47EB-B394-B8B211D4B502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Puppet Dashboard 1.0 anterior a 1.2.5 y Enterprise 1.0 anterior a 1.2.5 y 2.x anterior a 2.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos no especificados."
}
],
"id": "CVE-2012-0891",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:04.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-0891 (GCVE-0-2012-0891)
Vulnerability from cvelistv5 – Published: 2014-03-14 16:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2012-0891",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0891",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2012-01-20T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0891 (GCVE-0-2012-0891)
Vulnerability from nvd – Published: 2014-03-14 16:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2012-0891",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2012-0891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0891",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2012-01-20T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}