QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4262

Published: Aug 13, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_OSVDB

mycar2xcms-mycarepid-xss(75391)

vdb-entry

x_refsource_XF

http://www.vulnerability-lab.com/get_content.php?id=524

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

mycare2x-multiple-xss(75392)

vdb-entry

x_refsource_XF

http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.