CVE-2012-6572

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-6572
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://osvdb.org/85422
http://secunia.com/advisories/50557
http://www.madirish.net/550
https://drupal.org/node/1782286
https://drupal.org/node/1782686
https://exchange.xforce.ibmcloud.com/vulnerabilities/78575
http://osvdb.org/85422
http://secunia.com/advisories/50557
http://www.madirish.net/550
https://drupal.org/node/1782286
https://drupal.org/node/1782686
https://exchange.xforce.ibmcloud.com/vulnerabilities/78575
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:kong:inf08:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.0-beta1:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.0-beta2:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.8:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.9:*:*:*:*:*:*:*
cpe:2.3:a:kong:inf08:6.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
History

21 Nov 2024, 01:46

Type Values Removed Values Added
References () http://osvdb.org/85422 - () http://osvdb.org/85422 -
References () http://secunia.com/advisories/50557 - () http://secunia.com/advisories/50557 -
References () http://www.madirish.net/550 - () http://www.madirish.net/550 -
References () https://drupal.org/node/1782286 - () https://drupal.org/node/1782286 -
References () https://drupal.org/node/1782686 - () https://drupal.org/node/1782686 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/78575 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/78575 -
Information

Published : 2013-06-21 19:55

Updated : 2024-11-21 01:46

NVD link : CVE-2012-6572

Mitre link : CVE-2012-6572

CVE.ORG link : CVE-2012-6572

JSON object : View

Products Affected

kong

  • inf08

drupal

  • drupal
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024