Lucene search

RedhatCVE-2012-1660

HistorySep 18, 2012 - 8:55 p.m.

CVE-2012-1660

2012-09-1820:55:02

CWE-79

redhat

web.nvd.nist.gov

cve-2012-1660

xss

webform module

drupal

nvd

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the “Select (or other)” module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.

Affected configurations

Nvd

Node

nathan_haugwebformMatch6.x-3.0

nathan_haugwebformMatch6.x-3.0beta1

nathan_haugwebformMatch6.x-3.0beta2

nathan_haugwebformMatch6.x-3.0beta3

nathan_haugwebformMatch6.x-3.0beta4

nathan_haugwebformMatch6.x-3.0beta5

nathan_haugwebformMatch6.x-3.0beta6

nathan_haugwebformMatch6.x-3.1

nathan_haugwebformMatch6.x-3.2

nathan_haugwebformMatch6.x-3.3

nathan_haugwebformMatch6.x-3.4

nathan_haugwebformMatch6.x-3.5

nathan_haugwebformMatch6.x-3.6

nathan_haugwebformMatch6.x-3.7

nathan_haugwebformMatch6.x-3.8

nathan_haugwebformMatch6.x-3.9

nathan_haugwebformMatch6.x-3.10

nathan_haugwebformMatch6.x-3.11

nathan_haugwebformMatch6.x-3.12

nathan_haugwebformMatch6.x-3.13

nathan_haugwebformMatch6.x-3.14

nathan_haugwebformMatch6.x-3.15

nathan_haugwebformMatch6.x-3.16

nathan_haugwebformMatch6.x-3.xdev

nathan_haugwebformMatch7.x-3.0beta2

nathan_haugwebformMatch7.x-3.0beta3

nathan_haugwebformMatch7.x-3.0beta4

nathan_haugwebformMatch7.x-3.0beta5

nathan_haugwebformMatch7.x-3.0beta6

nathan_haugwebformMatch7.x-3.0beta7

nathan_haugwebformMatch7.x-3.0beta8

nathan_haugwebformMatch7.x-3.3beta1

nathan_haugwebformMatch7.x-3.4beta1

nathan_haugwebformMatch7.x-3.6

nathan_haugwebformMatch7.x-3.7

nathan_haugwebformMatch7.x-3.8

nathan_haugwebformMatch7.x-3.9

nathan_haugwebformMatch7.x-3.10

nathan_haugwebformMatch7.x-3.11

nathan_haugwebformMatch7.x-3.12

nathan_haugwebformMatch7.x-3.13

nathan_haugwebformMatch7.x-3.15

nathan_haugwebformMatch7.x-3.16

nathan_haugwebformMatch7.x-3.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:*:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta1:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta2:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta3:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta4:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta5:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta6:*:*:*:*:*:*
nathan_haugwebform6.x-3.1cpe:2.3:a:nathan_haug:webform:6.x-3.1:*:*:*:*:*:*:*
nathan_haugwebform6.x-3.2cpe:2.3:a:nathan_haug:webform:6.x-3.2:*:*:*:*:*:*:*
nathan_haugwebform6.x-3.3cpe:2.3:a:nathan_haug:webform:6.x-3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:::::::*
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta1::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta2::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta3::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta4::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta5::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta6::::::
nathan_haug	webform	6.x-3.1	cpe:2.3:a:nathan_haug:webform:6.x-3.1:::::::*
nathan_haug	webform	6.x-3.2	cpe:2.3:a:nathan_haug:webform:6.x-3.2:::::::*
nathan_haug	webform	6.x-3.3	cpe:2.3:a:nathan_haug:webform:6.x-3.3:::::::*

Rows per page:

1-10 of 451

References

drupal.org/node/1472178

drupal.org/node/1472180

drupal.org/node/1472214

drupalcode.org/project/webform.git/commit/90af819

drupalcode.org/project/webform.git/commit/917fa91

secunia.com/advisories/48310

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/79852

www.securityfocus.com/bid/52345

exchange.xforce.ibmcloud.com/vulnerabilities/73779

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Related for CVE-2012-1660