{"vuid":"VU#732115","idnumber":"732115","name":"Project Open cross-site scripting vulnerability","keywords":["Project Open","XSS"],"overview":"Project Open ]po[ version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting (XSS) vulnerability in the account-closed.tcl script","clean_desc":"The XSS vulnerability (CWE-79) is contained within the message parameter in the account-closed.tcl script. http://[HOST]/register/account-closed?message=[arbitrary-JavaScript]","impact":"An attacker may be able to execute arbitrary Javascript in the context of the user's browser.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Michail Poultsakis for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.project-open.com","http://packetstormsecurity.org/files/109388/projectopen-xss.txt","http://cwe.mitre.org/data/definitions/79.html"],"cveids":["CVE-2012-1027"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-12-07T14:52:23Z","publicdate":"2012-02-01T00:00:00Z","datefirstpublished":"2012-02-03T20:21:00Z","dateupdated":"2014-07-24T22:19:40Z","revision":21,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"1","cam_exploitation":"3","cam_internetinfrastructure":"4","cam_population":"1","cam_impact":"7","cam_easeofexploitation":"4","cam_attackeraccessrequired":"13","cam_scorecurrent":"0.0546","cam_scorecurrentwidelyknown":"0.184275","cam_scorecurrentwidelyknownexploited":"0.3003","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","cvss_temporalscore":"3.5","cvss_environmentalscore":"0.8699659038","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0546,"vulnote":null}