4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
66.0%
CVE: CVE-2012-2117
The Gigya - Social optimization module provides a single API that aggregates authentication and social APIs from Facebook Connect, MySpace ID, Twitter, and OpenID webmail providers including Google, Yahoo, and AOL.
The module doesn’t sufficiently escape URL elements which are printed back to the user.
Drupal core is not affected. If you do not use the contributed Gigya - Social optimization module, there is nothing you need to do.
Install the latest version:
Also see the Gigya - Social optimization project page.