4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.5%
CVE: CVE-2012-1634
The Video Filter module lets you display videos from various third party sources. When videos from Blip.tv are shown, the module fails to sanitize source data before display.
This vulnerability is mitigated by the fact that the attacker has to be able to either control the source of third party data (such as via DNS hijack) or manipulate it in transit.
Drupal core is not affected. If you do not use the contributed Video Filter module, there is nothing you need to do.
Install the latest version:
See also the Video Filter project page.