Lucene search

K
cve[email protected]CVE-2012-2907
HistoryMay 21, 2012 - 6:55 p.m.

CVE-2012-2907

2012-05-2118:55:06
CWE-79
web.nvd.nist.gov
20
cve-2012-2907
cross-site scripting
xss
aberdeen_breadcrumb function
drupal
nvd

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.3%

Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.

Affected configurations

NVD
Node
ishmael_sanchezaberdeenMatch6.x-1.8
OR
ishmael_sanchezaberdeenMatch6.x-1.9
OR
ishmael_sanchezaberdeenMatch6.x-1.10
AND
drupaldrupal

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.3%

Related for CVE-2012-2907