Lucene search

K
cveRedhatCVE-2012-1648
HistorySep 09, 2012 - 9:55 p.m.

CVE-2012-1648

2012-09-0921:55:06
CWE-79
redhat
web.nvd.nist.gov
21
cve-2012-1648
cross-site scripting
xss
vulnerability
cool aid module
drupal
nvd

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

48.3%

Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd
Node
danielbcool_aidRange6.x-1.8
OR
danielbcool_aidMatch6.x-1.0
OR
danielbcool_aidMatch6.x-1.1
OR
danielbcool_aidMatch6.x-1.2
OR
danielbcool_aidMatch6.x-1.3
OR
danielbcool_aidMatch6.x-1.4
OR
danielbcool_aidMatch6.x-1.6
OR
danielbcool_aidMatch6.x-1.7
OR
danielbcool_aidMatch6.x-1.xdev
AND
drupaldrupalMatch-
VendorProductVersionCPE
danielbcool_aid*cpe:2.3:a:danielb:cool_aid:*:*:*:*:*:*:*:*
danielbcool_aid6.x-1.0cpe:2.3:a:danielb:cool_aid:6.x-1.0:*:*:*:*:*:*:*
danielbcool_aid6.x-1.1cpe:2.3:a:danielb:cool_aid:6.x-1.1:*:*:*:*:*:*:*
danielbcool_aid6.x-1.2cpe:2.3:a:danielb:cool_aid:6.x-1.2:*:*:*:*:*:*:*
danielbcool_aid6.x-1.3cpe:2.3:a:danielb:cool_aid:6.x-1.3:*:*:*:*:*:*:*
danielbcool_aid6.x-1.4cpe:2.3:a:danielb:cool_aid:6.x-1.4:*:*:*:*:*:*:*
danielbcool_aid6.x-1.6cpe:2.3:a:danielb:cool_aid:6.x-1.6:*:*:*:*:*:*:*
danielbcool_aid6.x-1.7cpe:2.3:a:danielb:cool_aid:6.x-1.7:*:*:*:*:*:*:*
danielbcool_aid6.x-1.xcpe:2.3:a:danielb:cool_aid:6.x-1.x:dev:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

48.3%

Related for CVE-2012-1648