Lucene search

MitreCVE-2012-6573

HistoryJun 25, 2013 - 6:55 p.m.

CVE-2012-6573

2013-06-2518:55:01

CWE-79

mitre

web.nvd.nist.gov

cve-2012-6573

xss

apache solr

autocomplete

drupal

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.

Affected configurations

Nvd

Node

alejandro_garzaapachesolr_autocompleteMatch6.x-1.0

alejandro_garzaapachesolr_autocompleteMatch6.x-1.1

alejandro_garzaapachesolr_autocompleteMatch6.x-1.2

alejandro_garzaapachesolr_autocompleteMatch6.x-1.3

alejandro_garzaapachesolr_autocompleteMatch6.x-1.xdev

alejandro_garzaapachesolr_autocompleteMatch7.x-1.0

alejandro_garzaapachesolr_autocompleteMatch7.x-1.1

alejandro_garzaapachesolr_autocompleteMatch7.x-1.2

alejandro_garzaapachesolr_autocompleteMatch7.x-1.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
alejandro_garzaapachesolr_autocomplete6.x-1.0cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.0:*:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete6.x-1.1cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.1:*:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete6.x-1.2cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.2:*:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete6.x-1.3cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.3:*:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete6.x-1.xcpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.x:dev:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete7.x-1.0cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.0:*:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete7.x-1.1cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.1:*:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete7.x-1.2cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.2:*:*:*:*:*:*:*
alejandro_garzaapachesolr_autocomplete7.x-1.xcpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.x:dev:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alejandro_garza	apachesolr_autocomplete	6.x-1.0	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.0:::::::*
alejandro_garza	apachesolr_autocomplete	6.x-1.1	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.1:::::::*
alejandro_garza	apachesolr_autocomplete	6.x-1.2	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.2:::::::*
alejandro_garza	apachesolr_autocomplete	6.x-1.3	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.3:::::::*
alejandro_garza	apachesolr_autocomplete	6.x-1.x	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:6.x-1.x:dev::::::
alejandro_garza	apachesolr_autocomplete	7.x-1.0	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.0:::::::*
alejandro_garza	apachesolr_autocomplete	7.x-1.1	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.1:::::::*
alejandro_garza	apachesolr_autocomplete	7.x-1.2	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.2:::::::*
alejandro_garza	apachesolr_autocomplete	7.x-1.x	cpe:2.3:a:alejandro_garza:apachesolr_autocomplete:7.x-1.x:dev::::::
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

osvdb.org/85062

seclists.org/fulldisclosure/2013/Jun/212

secunia.com/advisories/50443

www.securityfocus.com/bid/55290

drupal.org/node/1762684

drupal.org/node/1762686

drupal.org/node/1762734

exchange.xforce.ibmcloud.com/vulnerabilities/78153

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

Related for CVE-2012-6573