Lucene search

K
cve[email protected]CVE-2012-1646
HistorySep 25, 2012 - 11:55 p.m.

CVE-2012-1646

2012-09-2523:55:02
CWE-79
web.nvd.nist.gov
25
cve-2012-1646
cross-site scripting
xss
drupal
faq module
remote authenticated users
web security

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.5%

Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.

Affected configurations

NVD
Node
drupalfaqMatch6.x-1.0
OR
drupalfaqMatch6.x-1.1
OR
drupalfaqMatch6.x-1.2
OR
drupalfaqMatch6.x-1.3
OR
drupalfaqMatch6.x-1.4
OR
drupalfaqMatch6.x-1.5
OR
drupalfaqMatch6.x-1.6
OR
drupalfaqMatch6.x-1.7
OR
drupalfaqMatch6.x-1.8
OR
drupalfaqMatch6.x-1.9
OR
drupalfaqMatch6.x-1.10
OR
drupalfaqMatch6.x-1.11
OR
drupalfaqMatch6.x-1.12
OR
drupalfaqMatch6.x-1.x
Node
drupalfaqMatch7x-1.x-rc1

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.5%

Related for CVE-2012-1646