CVE-2012-4189 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.14%	–	–
2022-02-13	–	–	1.14%	–	–
2022-04-03	–	–	1.14%	–	–
2022-04-24	–	–	1.14%	–	–
2022-07-17	–	–	1.14%	–	–
2022-11-13	–	–	1.14%	–	–
2022-11-20	–	–	1.14%	–	–
2022-12-04	–	–	1.14%	–	–
2023-03-12	–	–	–	0.2%	–
2023-06-18	–	–	–	0.2%	–
2023-10-29	–	–	–	0.2%	–
2023-12-03	–	–	–	0.2%	–
2023-12-10	–	–	–	0.2%	–
2024-02-11	–	–	–	0.2%	–
2024-02-18	–	–	–	0.2%	–
2024-06-02	–	–	–	0.2%	–
2024-06-02	–	–	–	0.2%	–
2024-06-16	–	–	–	0.2%	–
2024-11-24	–	–	–	0.2%	–
2024-12-22	–	–	–	0.19%	–
2025-01-19	–	–	–	0.19%	–
2025-03-18	–	–	–	–	0.3%
2025-03-30	–	–	–	–	0.3%
2025-04-15	–	–	–	–	0.3%
2025-04-15	–	–	–	–	0.3,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	34%
2022-02-13	35%
2022-04-03	56%
2022-04-24	57%
2022-07-17	58%
2022-11-13	59%
2022-11-20	58%
2022-12-04	59%
2023-03-12	56%
2023-06-18	57%
2023-10-29	58%
2023-12-03	57%
2023-12-10	58%
2024-02-11	56%
2024-02-18	57%
2024-06-02	57%
2024-06-02	57%
2024-06-16	58%
2024-11-24	59%
2024-12-22	57%
2025-01-19	57%
2025-03-18	51%
2025-03-30	5%
2025-04-15	52%
2025-04-15	52%

source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Bugzilla versions 4.1.1 through 4.2.6, and 4.3.1 through 4.4 are vulnerable. Note: This issue exists due to an incomplete fix for CVE-2012-4189 (identified in BID 56504 - Bugzilla Multiple Cross Site Scripting and Information Disclosure Vulnerabilities). https://www.example.com/bugzilla-tip/report.cgi?x_axis_field=short_desc&y_axis_field=short_desc&z_axis_field=short_desc&no_redirect=1&query_format=report-table&short_desc_type=allwordssubstr&short_desc=&resolution=---&longdesc_type=allwordssubstr&longdesc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&deadlinefrom=&deadlineto=&bug_id=22386%2C22387&bug_id_type=anyexact&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailcc2=1&emailtype2=substring&email2=&emaillongdesc3=1&emailtype3=substring&email3=&chfieldvalue=&chfieldfrom=&chfieldto=Now&j_top=AND&f1=noop&o1=noop&v1=&format=table&action=wrap