Lucene search

[email protected]CVE-2012-5585

HistoryDec 26, 2012 - 5:55 p.m.

CVE-2012-5585

2012-12-2617:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-5585

cross-site scripting

xss

vulnerability

mixpanel module

drupal

authenticated users

administration pages

web script

html

maxpanel token

nvd

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the “access administration pages” permission to inject arbitrary web script or HTML via the Maxpanel token.

Affected configurations

NVD

Node

mixpanel_projectmixpanelMatch6.x-1.0

mixpanel_projectmixpanelMatch6.x-1.0beta1

mixpanel_projectmixpanelMatch6.x-1.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
mixpanel_project:mixpanelmixpanel project mixpaneleq6.x-1.0
mixpanel_project:mixpanelmixpanel project mixpaneleq6.x-1.x

CPE	Name	Operator	Version
mixpanel_project:mixpanel	mixpanel project mixpanel	eq	6.x-1.0
mixpanel_project:mixpanel	mixpanel project mixpanel	eq	6.x-1.x

References

drupal.org/node/1762886

drupal.org/node/1852098

drupal.org/node/1853198

drupalcode.org/project/mixpanel.git/commit/7dbd715

www.openwall.com/lists/oss-security/2012/11/29/2

www.securityfocus.com/bid/56719

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for CVE-2012-5585

nvd1 prion1 cvelist1 drupal1