2 matches found
CVE-2012-2703
CVE-2012-2703 describes an XSS vulnerability in the Drupal Advertisement module (versions 6.x-2.x prior to 6.x-2.3). When debug mode is enabled, an attacker could inject arbitrary script/HTML via the $conf variable in settings.php. Affected product: Drupal contributed Advertisement module for 6.x...
CVE-2012-2704
The CVE-2012-2704 issue concerns the Drupal Advertisement module (6.x-2.x) prior to 6.x-2.3 where debug information was not properly restricted, enabling remote attackers to obtain sensitive site configuration data defined by $conf in settings.php. This information disclosure is the primary impac...