Vulnerability Name: | CVE-2012-2717 (CCN-76002) | ||||||||
Assigned: | 2012-05-30 | ||||||||
Published: | 2012-05-30 | ||||||||
Updated: | 2017-08-29 | ||||||||
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-2717 Source: CONFIRM Type: Patch http://drupal.org/node/1169008 Source: CCN Type: SA-CONTRIB-2012-088 Mobile Tools - Cross Site Scripting (XSS) Source: MISC Type: Patch, Vendor Advisory http://drupal.org/node/1608828 Source: CCN Type: Mobile Tools Web Site http://drupal.org/project/mobile_tools Source: CONFIRM Type: Exploit, Patch http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc Source: OSVDB Type: UNKNOWN 82410 Source: CCN Type: SA49318 Drupal Mobile Tools Module Script Insertion Vulnerabilities Source: SECUNIA Type: Vendor Advisory 49318 Source: MISC Type: UNKNOWN http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss Source: MLIST Type: UNKNOWN [oss-security] 20120613 Re: CVE Request for Drupal contributed modules Source: CCN Type: OSVDB ID: 82410 Mobile Tools Module for Drupal Unspecified XSS Source: BID Type: Patch 53734 Source: CCN Type: BID-53734 Drupal Mobile Tools Module Multiple Unspecified HTML Injection Vulnerabilities Source: XF Type: UNKNOWN drupal-mobiletools-unspecified-xss(76002) Source: XF Type: UNKNOWN drupal-mobiletools-unspecified-xss(76002) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |