3 matches found
CVE-2012-2077
The Drupal ShareThis module (7.x-2.x) before 7.x-2.3 is affected by a CSRF vulnerability that lets an attacker hijack the authentication of users with the administer sharethis permission via vectors outside of the Form API. The root cause is that administrative settings could be affected outside ...
CVE-2012-2076
The CVE-2012-2076 issue affects the Drupal ShareThis module (7.x-2.x) prior to 7.x-2.3. The root cause is improper handling of the Form API in the administration forms, enabling an authenticated user with the administer sharethis permission to inject arbitrary web script or HTML (XSS) via unspeci...
CVE-2012-5545
The CVE affects the Drupal ShareThis module (7.x-2.x) prior to 7.x-2.5. The vulnerability is an XSS in the handling of JavaScript settings due to insufficient filtering of output. Exploitation requires an authenticated user with the 'administer sharethis' permission. A fixed version is ShareThis ...