Lucene search

[email protected]CVE-2012-1624

HistoryOct 06, 2012 - 9:55 p.m.

CVE-2012-1624

2012-10-0621:55:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-1624

cross-site scripting

xss vulnerabilities

lingotek module

drupal

remote authenticated users

injection

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content.

Affected configurations

NVD

Node

lingoteklingotekRange≤6.x-1.4

lingoteklingotekMatch6.x-1.0

lingoteklingotekMatch6.x-1.1

lingoteklingotekMatch6.x-1.3

lingoteklingotekMatch6.x-1.31

AND

drupaldrupalMatch-

CPENameOperatorVersion
lingotek:lingoteklingotekle6.x-1.4
lingotek:lingoteklingotekeq6.x-1.0
lingotek:lingoteklingotekeq6.x-1.1
lingotek:lingoteklingotekeq6.x-1.3
lingotek:lingoteklingotekeq6.x-1.31

CPE	Name	Operator	Version
lingotek:lingotek	lingotek	le	6.x-1.4
lingotek:lingotek	lingotek	eq	6.x-1.0
lingotek:lingotek	lingotek	eq	6.x-1.1
lingotek:lingotek	lingotek	eq	6.x-1.3
lingotek:lingotek	lingotek	eq	6.x-1.31

References

drupal.org/node/1394220

drupal.org/node/1394412

secunia.com/advisories/47453

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/78185

www.securityfocus.com/bid/51272

exchange.xforce.ibmcloud.com/vulnerabilities/72151

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.6%

JSON

Related for CVE-2012-1624

prion1 cvelist1 nvd1 drupal1