Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-1660
HistorySep 18, 2012 - 8:55 p.m.

CVE-2012-1660

2012-09-1820:55:02
CWE-79
[email protected]
web.nvd.nist.gov
18
cve-2012-1660
xss
webform module
drupal
nvd

5.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

46.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the “Select (or other)” module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.

Affected configurations

NVD
Node
nathan_haugwebformMatch6.x-3.0
OR
nathan_haugwebformMatch6.x-3.0beta1
OR
nathan_haugwebformMatch6.x-3.0beta2
OR
nathan_haugwebformMatch6.x-3.0beta3
OR
nathan_haugwebformMatch6.x-3.0beta4
OR
nathan_haugwebformMatch6.x-3.0beta5
OR
nathan_haugwebformMatch6.x-3.0beta6
OR
nathan_haugwebformMatch6.x-3.1
OR
nathan_haugwebformMatch6.x-3.2
OR
nathan_haugwebformMatch6.x-3.3
OR
nathan_haugwebformMatch6.x-3.4
OR
nathan_haugwebformMatch6.x-3.5
OR
nathan_haugwebformMatch6.x-3.6
OR
nathan_haugwebformMatch6.x-3.7
OR
nathan_haugwebformMatch6.x-3.8
OR
nathan_haugwebformMatch6.x-3.9
OR
nathan_haugwebformMatch6.x-3.10
OR
nathan_haugwebformMatch6.x-3.11
OR
nathan_haugwebformMatch6.x-3.12
OR
nathan_haugwebformMatch6.x-3.13
OR
nathan_haugwebformMatch6.x-3.14
OR
nathan_haugwebformMatch6.x-3.15
OR
nathan_haugwebformMatch6.x-3.16
OR
nathan_haugwebformMatch6.x-3.xdev
OR
nathan_haugwebformMatch7.x-3.0beta2
OR
nathan_haugwebformMatch7.x-3.0beta3
OR
nathan_haugwebformMatch7.x-3.0beta4
OR
nathan_haugwebformMatch7.x-3.0beta5
OR
nathan_haugwebformMatch7.x-3.0beta6
OR
nathan_haugwebformMatch7.x-3.0beta7
OR
nathan_haugwebformMatch7.x-3.0beta8
OR
nathan_haugwebformMatch7.x-3.3beta1
OR
nathan_haugwebformMatch7.x-3.4beta1
OR
nathan_haugwebformMatch7.x-3.6
OR
nathan_haugwebformMatch7.x-3.7
OR
nathan_haugwebformMatch7.x-3.8
OR
nathan_haugwebformMatch7.x-3.9
OR
nathan_haugwebformMatch7.x-3.10
OR
nathan_haugwebformMatch7.x-3.11
OR
nathan_haugwebformMatch7.x-3.12
OR
nathan_haugwebformMatch7.x-3.13
OR
nathan_haugwebformMatch7.x-3.15
OR
nathan_haugwebformMatch7.x-3.16
OR
nathan_haugwebformMatch7.x-3.xdev
AND
drupaldrupalMatch-

Related

cvelist 1
prion 1
drupal 1
nvd 1
cvelist
cvelist
CVE-2012-1660
2012-09-18 20:00:00
prion
prion
Cross site scripting
2012-09-18 20:55:00
drupal
drupal
SA-CONTRIB-2012-035 - Webform Cross Site Scripting (XSS)
2012-03-07 00:00:00
nvd
nvd
CVE-2012-1660
2012-09-18 20:55:02

5.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

46.1%

JSON
Related for CVE-2012-1660
cvelist1prion1drupal1nvd1