Cross site scripting

2012-08-3122:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
gigyaeq.x-3.0 beta1
gigyaeq6.120.30
gigyaeq6.x-3.0 beta3
gigyaeq6.x-3.0 beta2
gigyaeq6.120.31
gigyaeq6.x-3.x dev

Name	Operator	Version
gigya	eq	.x-3.0 beta1
gigya	eq	6.120.30
gigya	eq	6.x-3.0 beta3
gigya	eq	6.x-3.0 beta2
gigya	eq	6.120.31
gigya	eq	6.x-3.x dev

References

secunia.com/advisories/48832

www.openwall.com/lists/oss-security/2012/04/18/11

www.openwall.com/lists/oss-security/2012/04/19/1

drupal.org/node/1515084

drupal.org/node/1538704

exchange.xforce.ibmcloud.com/vulnerabilities/75025