Lucene search

PRIOn knowledge basePRION:CVE-2012-2071

HistoryAug 14, 2012 - 11:55 p.m.

Cross site scripting

2012-08-1423:55:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.4%

JSON

Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
contact_formseq6.120.11
contact_formseq6.120.12
contact_formseq6.120.13
contact_formseq6.120.14
contact_formseq6.120.15
contact_formseq6.120.16
contact_formseq6.120.17
contact_formseq6.120.18
contact_formseq6.120.19
contact_formseq6.120.110

Name	Operator	Version
contact_forms	eq	6.120.11
contact_forms	eq	6.120.12
contact_forms	eq	6.120.13
contact_forms	eq	6.120.14
contact_forms	eq	6.120.15
contact_forms	eq	6.120.16
contact_forms	eq	6.120.17
contact_forms	eq	6.120.18
contact_forms	eq	6.120.19
contact_forms	eq	6.120.110

Rows per page:

1-10 of 131

References

osvdb.org/80674

secunia.com/advisories/48583

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52801

drupal.org/node/1506330

drupal.org/node/1506404

exchange.xforce.ibmcloud.com/vulnerabilities/74467

5.6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for PRION:CVE-2012-2071