Lucene search

RedhatCVE-2012-2084

HistoryNov 22, 2012 - 12:28 p.m.

CVE-2012-2084

2012-11-2212:28:38

CWE-79

redhat

web.nvd.nist.gov

cve-2012-2084

xss

printer module

email module

pdf module

drupal

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO.

Affected configurations

Nvd

Node

joao_venturaprintMatch6.x-1.0

joao_venturaprintMatch6.x-1.0rc1

joao_venturaprintMatch6.x-1.0rc2

joao_venturaprintMatch6.x-1.0rc3

joao_venturaprintMatch6.x-1.0rc4

joao_venturaprintMatch6.x-1.0rc5

joao_venturaprintMatch6.x-1.0rc8

joao_venturaprintMatch6.x-1.0rc9

joao_venturaprintMatch6.x-1.1

joao_venturaprintMatch6.x-1.2

joao_venturaprintMatch6.x-1.3

joao_venturaprintMatch6.x-1.4

joao_venturaprintMatch6.x-1.5

joao_venturaprintMatch6.x-1.6

joao_venturaprintMatch6.x-1.7

joao_venturaprintMatch6.x-1.8

joao_venturaprintMatch6.x-1.9

joao_venturaprintMatch6.x-1.10

joao_venturaprintMatch6.x-1.11

joao_venturaprintMatch6.x-1.11beta1

joao_venturaprintMatch6.x-1.12

joao_venturaprintMatch6.x-1.13

joao_venturaprintMatch6.x-1.14

joao_venturaprintMatch6.x-1.xdev

joao_venturaprintMatch7.x-10alpha1

joao_venturaprintMatch7.x-10alpha2

joao_venturaprintMatch7.x-10beta1

joao_venturaprintMatch7.x-10beta2

joao_venturaprintMatch7.x-10dev

AND

drupaldrupalMatch-

VendorProductVersionCPE
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:*:*:*:*:*:*:*
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:rc1:*:*:*:*:*:*
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:rc2:*:*:*:*:*:*
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:rc3:*:*:*:*:*:*
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:rc4:*:*:*:*:*:*
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:rc5:*:*:*:*:*:*
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:rc8:*:*:*:*:*:*
joao_venturaprint6.x-1.0cpe:2.3:a:joao_ventura:print:6.x-1.0:rc9:*:*:*:*:*:*
joao_venturaprint6.x-1.1cpe:2.3:a:joao_ventura:print:6.x-1.1:*:*:*:*:*:*:*
joao_venturaprint6.x-1.2cpe:2.3:a:joao_ventura:print:6.x-1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:::::::*
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:rc1::::::
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:rc2::::::
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:rc3::::::
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:rc4::::::
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:rc5::::::
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:rc8::::::
joao_ventura	print	6.x-1.0	cpe:2.3:a:joao_ventura:print:6.x-1.0:rc9::::::
joao_ventura	print	6.x-1.1	cpe:2.3:a:joao_ventura:print:6.x-1.1:::::::*
joao_ventura	print	6.x-1.2	cpe:2.3:a:joao_ventura:print:6.x-1.2:::::::*

Rows per page:

1-10 of 301

References

drupal.org/node/1515060

drupal.org/node/1515076

drupal.org/node/1515722

drupalcode.org/project/print.git/commit/30480e0

drupalcode.org/project/print.git/commit/6771c3f

secunia.com/advisories/48625

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52896

exchange.xforce.ibmcloud.com/vulnerabilities/74611

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Related for CVE-2012-2084