Vulnerability Name:

CVE-2012-2711 (CCN-75867)

Assigned: 2012-05-23
Published: 2012-05-23
Updated: 2017-08-29
Summary: Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.
CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N)
1.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2012-2711

Source: CONFIRM
Type: Patch
http://drupal.org/node/1595396

Source: CCN
Type: SA-CONTRIB-2012-083
Taxonomy List - Cross Site Scripting (XSS)

Source: MISC
Type: Patch, Vendor Advisory
http://drupal.org/node/1597262

Source: CCN
Type: Taxonomy List module for Drupal Web Site
Taxonomy List | drupal.org

Source: CONFIRM
Type: Exploit, Patch
http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0

Source: CCN
Type: SA49238
Drupal Taxonomy List Module Taxonomy Information Script Insertion Vulnerability

Source: SECUNIA
Type: Vendor Advisory
49238

Source: MLIST
Type: UNKNOWN
[oss-security] 20120613 Re: CVE Request for Drupal contributed modules

Source: OSVDB
Type: UNKNOWN
82164

Source: CCN
Type: OSVDB ID: 82164
Taxonomy List Module for Drupal Taxonomy Term Manipulation Taxonomy Information XSS

Source: BID
Type: Patch
53671

Source: CCN
Type: BID-53671
Drupal Taxonomy List Module Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
taxonomylist-taxonomyinformation-xss(75867)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:nancy_wichmann:taxonomy_list:6.x-1.0:*:*:*:*:*:*:*
  • OR cpe:/a:nancy_wichmann:taxonomy_list:6.x-1.0-beta1:*:*:*:*:*:*:*
  • OR cpe:/a:nancy_wichmann:taxonomy_list:6.x-1.1:*:*:*:*:*:*:*
  • OR cpe:/a:nancy_wichmann:taxonomy_list:6.x-1.2:*:*:*:*:*:*:*
  • OR cpe:/a:nancy_wichmann:taxonomy_list:6.x-1.2:dev:*:*:*:*:*:*
  • OR cpe:/a:nancy_wichmann:taxonomy_list:6.x-1.3:*:*:*:*:*:*:*
  • OR cpe:/a:nancy_wichmann:taxonomy_list:6.x-1.x-dev:*:*:*:*:*:*:*
  • AND
  • cpe:/a:drupal:drupal:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    nancy_wichmann taxonomy list 6.x-1.0
    nancy_wichmann taxonomy list 6.x-1.0-beta1
    nancy_wichmann taxonomy list 6.x-1.1
    nancy_wichmann taxonomy list 6.x-1.2
    nancy_wichmann taxonomy list 6.x-1.2 dev
    nancy_wichmann taxonomy list 6.x-1.3
    nancy_wichmann taxonomy list 6.x-1.x-dev
    drupal drupal -