Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| trevor_mckay | cumin | * |
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| trevor_mckay | cumin | 0.1.5137-1 |
| trevor_mckay | cumin | 0.1.5192-1 |
| redhat | enterprise_mrg | 2.0 |
| trevor_mckay | cumin | 0.1.4916-1 |
| trevor_mckay | cumin | 0.1.5105-1 |
| trevor_mckay | cumin | * |
| trevor_mckay | cumin | 0.1.5068-1 |
| trevor_mckay | cumin | 0.1.5137-3 |
| trevor_mckay | cumin | 0.1.4794-1 |
| trevor_mckay | cumin | 0.1.5137-2 |
| trevor_mckay | cumin | 0.1.5033-1 |
| trevor_mckay | cumin | 0.1.3160-1 |
| trevor_mckay | cumin | 0.1.4494-1 |
| trevor_mckay | cumin | 0.1.5092-1 |
| trevor_mckay | cumin | 0.1.5037-1 |
| trevor_mckay | cumin | 0.1.5054-1 |
| trevor_mckay | cumin | 0.1.4410-2 |
| trevor_mckay | cumin | 0.1.5137-5 |
| trevor_mckay | cumin | 0.1.5098-2 |
| trevor_mckay | cumin | 0.1.4369-1 |
| trevor_mckay | cumin | 0.1.5137-4 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| trevor_mckay | cumin | 0.1.5137-1 |
| trevor_mckay | cumin | 0.1.5192-1 |
| redhat | enterprise_mrg | 2.0 |
| trevor_mckay | cumin | 0.1.4916-1 |
| trevor_mckay | cumin | 0.1.5105-1 |
| trevor_mckay | cumin | * |
| trevor_mckay | cumin | 0.1.5068-1 |
| trevor_mckay | cumin | 0.1.5137-3 |
| trevor_mckay | cumin | 0.1.4794-1 |
| trevor_mckay | cumin | 0.1.5137-2 |
| trevor_mckay | cumin | 0.1.5033-1 |
| trevor_mckay | cumin | 0.1.3160-1 |
| trevor_mckay | cumin | 0.1.4494-1 |
| trevor_mckay | cumin | 0.1.5092-1 |
| trevor_mckay | cumin | 0.1.5037-1 |
| trevor_mckay | cumin | 0.1.5054-1 |
| trevor_mckay | cumin | 0.1.4410-2 |
| trevor_mckay | cumin | 0.1.5137-5 |
| trevor_mckay | cumin | 0.1.5098-2 |
| trevor_mckay | cumin | 0.1.4369-1 |
| trevor_mckay | cumin | 0.1.5137-4 |
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| trevor_mckay | cumin | 0.1.5137-1 |
| trevor_mckay | cumin | 0.1.5192-1 |
| redhat | enterprise_mrg | 2.0 |
| trevor_mckay | cumin | 0.1.4916-1 |
| trevor_mckay | cumin | 0.1.5105-1 |
| trevor_mckay | cumin | * |
| trevor_mckay | cumin | 0.1.5068-1 |
| trevor_mckay | cumin | 0.1.5137-3 |
| trevor_mckay | cumin | 0.1.4794-1 |
| trevor_mckay | cumin | 0.1.5137-2 |
| trevor_mckay | cumin | 0.1.5033-1 |
| trevor_mckay | cumin | 0.1.3160-1 |
| trevor_mckay | cumin | 0.1.4494-1 |
| trevor_mckay | cumin | 0.1.5092-1 |
| trevor_mckay | cumin | 0.1.5037-1 |
| trevor_mckay | cumin | 0.1.5054-1 |
| trevor_mckay | cumin | 0.1.4410-2 |
| trevor_mckay | cumin | 0.1.5137-5 |
| trevor_mckay | cumin | 0.1.5098-2 |
| trevor_mckay | cumin | 0.1.4369-1 |
| trevor_mckay | cumin | 0.1.5137-4 |