Vulnerability Name: | CVE-2012-2726 (CCN-76126) | ||||||||
Assigned: | 2012-06-06 | ||||||||
Published: | 2012-06-06 | ||||||||
Updated: | 2017-08-29 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. | ||||||||
CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N) 1.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-2726 Source: CCN Type: Drupal Web Site Drupal - Open Source CMS | drupal.org Source: CONFIRM Type: Patch http://drupal.org/node/1618090 Source: CONFIRM Type: Patch http://drupal.org/node/1618092 Source: CCN Type: SA-CONTRIB-2012-097 Protest - Cross Site Scripting (XSS) Source: MISC Type: Patch, Vendor Advisory http://drupal.org/node/1619856 Source: CONFIRM Type: Exploit, Patch http://drupalcode.org/project/protest.git/commitdiff/c85eaed Source: CONFIRM Type: Exploit, Patch http://drupalcode.org/project/protest.git/commitdiff/cf8c543 Source: CCN Type: SA49386 Drupal Protest Module "protest_body" Script Insertion Vulnerability Source: SECUNIA Type: Vendor Advisory 49386 Source: MLIST Type: UNKNOWN [oss-security] 20120613 Re: CVE Request for Drupal contributed modules Source: OSVDB Type: UNKNOWN 82715 Source: CCN Type: OSVDB ID: 82715 Protest Module for Drupal Protest Message Creation protest_body Parameter XSS Source: XF Type: UNKNOWN protest-protestbodyparameter-xss(76126) Source: XF Type: UNKNOWN protest-protestbodyparameter-xss(76126) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |