CVE-2012-1984

Published: Apr 17, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (6)

Products: Realnetworks: Helix Server, Helix Mobile Server

2 products

Helix Mobile Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Helix Server	Version 14.0.0
Realnetworks Helix Server	Version 14.0.1
Realnetworks Helix Server	Version 14.2.0.212
Realnetworks Helix Server	Version 14.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Helix Mobile Server	Version 14.0.0
Realnetworks Helix Mobile Server	Version 14.0.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/52929

Source: cve@mitre.org

http://www.securitytracker.com/id?1026898

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/74677

Source: cve@mitre.org

http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/52929

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1026898

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/74677

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.