CVE-2012-0914

{"id": "CVE-2012-0914", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-01-24T18:55:01.690", "references": [{"url": "http://drupal.org/node/1409436", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1409446", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1409448", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupalcode.org/project/panels.git/commit/2066d59", "source": "cve@mitre.org"}, {"url": "http://drupalcode.org/project/panels.git/commit/d844942", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/78367", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47649", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51568", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549", "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1409436", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupal.org/node/1409446", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupal.org/node/1409448", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupalcode.org/project/panels.git/commit/2066d59", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupalcode.org/project/panels.git/commit/d844942", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/78367", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/47649", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/51568", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title."}, {"lang": "es", "value": "Vulnerbilidad de ejecuci\u00f3n de secuencias de comandos web en sitios cruzados (XSS) en display_renderers/panels_renderer_editor.class.php en la vista de administraci\u00f3n en el m\u00f3dulo Panels v6.x-2.x anterior a v6.x-3.10 y v7.x-3.x anterior v7.x-3.0 para Drupal permite a usuarios autenticados de forma remota con ciertos privilegios inyectar c\u00f3digo web script de su elecci\u00f3n o HTML a trav\u00e9s del 'title' Region."}], "lastModified": "2024-11-21T01:35:57.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F7FDB15-3B06-43AA-8FDF-DCCA137EAEAF"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11733CB-B68B-4DC4-90E8-75EDB2A9D616"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DFF9E8E-3C0C-4E07-8C65-7E928E71563C"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F2BB012-22DF-42E2-89F4-5542EAB21107"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70775F0F-3B57-417E-B116-3CFD43B83B66"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4A7B0F5-A9CC-4287-8247-D44B71A0C46D"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE5F0B91-A3B1-4A8D-B64A-4ECD94CA94C1"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6347ECE0-2C66-47D5-9B57-D5BA0D6F4C91"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A162DC0-D61B-404D-914F-F058D2DED47C"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0DE2442-F0A0-400A-AC91-61B331330D10"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C90BD49E-2583-4BC3-91E7-9B104251ECD4"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B49552D8-63A9-40C3-8D24-AB345996CFF3"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D4030F8-497F-46A3-A6B4-CC0CD7DBBFAC"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0CC32BC-3EE5-4743-B89A-3C13FEDB033A"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D13FAA1B-E84F-4215-A7B4-44D5A3802879"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13A37FE9-FA07-4566-9D64-E73385656077"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6B4223-3E5B-4F60-B0EF-E1C9B086F97C"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCDE6A13-FB05-4016-8793-FDA4D8543E5A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B440A22-6241-4452-A5FE-0C41CE77FE27"}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB849863-7CD4-4B7E-8136-CF94FCF714A8"}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97AB2AD-24F8-4080-9E0A-5291FC05FBAA"}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA78D313-CFCF-4AD4-A3F1-9CADD135B8EC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}