Lucene search

[email protected]CVE-2012-2300

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-2300

2022-10-0316:15:36

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2300

xss

ubercart

drupal

nvd

security vulnerability

5.5 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

42.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

ubercartubercartMatch6.x-2.0

ubercartubercartMatch6.x-2.0beta1

ubercartubercartMatch6.x-2.0beta2

ubercartubercartMatch6.x-2.0beta3

ubercartubercartMatch6.x-2.0beta4

ubercartubercartMatch6.x-2.0beta5

ubercartubercartMatch6.x-2.0beta6

ubercartubercartMatch6.x-2.0dev

ubercartubercartMatch6.x-2.0rc1

ubercartubercartMatch6.x-2.0rc2

ubercartubercartMatch6.x-2.0rc3

ubercartubercartMatch6.x-2.0rc4

ubercartubercartMatch6.x-2.0rc5

ubercartubercartMatch6.x-2.0rc6

ubercartubercartMatch6.x-2.0rc7

ubercartubercartMatch6.x-2.1

ubercartubercartMatch6.x-2.2

ubercartubercartMatch6.x-2.3

ubercartubercartMatch6.x-2.4

ubercartubercartMatch6.x-2.6

ubercartubercartMatch6.x-2.7

ubercartubercartMatch7.x-3.0

ubercartubercartMatch7.x-3.0alpha1

ubercartubercartMatch7.x-3.0alpha2

ubercartubercartMatch7.x-3.0alpha3

ubercartubercartMatch7.x-3.0beta1

ubercartubercartMatch7.x-3.0beta2

ubercartubercartMatch7.x-3.0beta3

ubercartubercartMatch7.x-3.0beta4

ubercartubercartMatch7.x-3.0dev

ubercartubercartMatch7.x-3.0rc1

ubercartubercartMatch7.x-3.0rc2

ubercartubercartMatch7.x-3.0rc3

ubercartubercartMatch7.x-3.0rc4

AND

drupaldrupalMatch-

CPENameOperatorVersion
ubercart:ubercartubercarteq6.x-2.0
ubercart:ubercartubercarteq6.x-2.1
ubercart:ubercartubercarteq6.x-2.2
ubercart:ubercartubercarteq6.x-2.3
ubercart:ubercartubercarteq6.x-2.4
ubercart:ubercartubercarteq6.x-2.6
ubercart:ubercartubercarteq6.x-2.7
ubercart:ubercartubercarteq7.x-3.0

CPE	Name	Operator	Version
ubercart:ubercart	ubercart	eq	6.x-2.0
ubercart:ubercart	ubercart	eq	6.x-2.1
ubercart:ubercart	ubercart	eq	6.x-2.2
ubercart:ubercart	ubercart	eq	6.x-2.3
ubercart:ubercart	ubercart	eq	6.x-2.4
ubercart:ubercart	ubercart	eq	6.x-2.6
ubercart:ubercart	ubercart	eq	6.x-2.7
ubercart:ubercart	ubercart	eq	7.x-3.0

References

drupal.org/node/1547506

drupal.org/node/1547508

drupal.org/node/1547674

drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8

drupalcode.org/project/ubercart.git/commitdiff/dfd8658

secunia.com/advisories/48935

www.openwall.com/lists/oss-security/2012/05/03/1

www.openwall.com/lists/oss-security/2012/05/03/2

www.securityfocus.com/bid/53251

5.5 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for CVE-2012-2300

nvd1 cvelist1 prion1 drupal1