Lucene search

PRIOn knowledge basePRION:CVE-2012-1646

HistorySep 25, 2012 - 11:55 p.m.

Cross site scripting

2012-09-2523:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.

CPENameOperatorVersion
faqeq6.120.19
faqeq6.120.17
faqeq6.120.13
faqeq6.120.18
faqeq6.120.16
faqeq6.120.111
faqeq6.120.110
faqeq6.120.15
faqeq6.120.1120
faqeq6.120.11

Name	Operator	Version
faq	eq	6.120.19
faq	eq	6.120.17
faq	eq	6.120.13
faq	eq	6.120.18
faq	eq	6.120.16
faq	eq	6.120.111
faq	eq	6.120.110
faq	eq	6.120.15
faq	eq	6.120.1120
faq	eq	6.120.11

Rows per page:

1-10 of 151

References

drupalcode.org/project/faq.git/blobdiff/2991dd94e70a2881571a4b777645f4dcc42c1f10..912f1d2:/faq.module

drupalcode.org/project/faq.git/blobdiff/525fb85e5a43cb6cfe3028aa88eaf8a6e40548d5..f381756:/faq.admin.inc

drupalcode.org/project/faq.git/commit/912f1d2

drupalcode.org/project/faq.git/commit/f381756

osvdb.org/79466

secunia.com/advisories/48131

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52126

drupal.org/node/1451194

exchange.xforce.ibmcloud.com/vulnerabilities/73452