Lucene search

[email protected]CVE-2012-1561

HistoryApr 08, 2014 - 2:22 p.m.

CVE-2012-1561

2014-04-0814:22:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-1561

xss

vulnerability

drupal

finder module

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the “checkbox and radio button functionalities.”

Affected configurations

NVD

Node

danielbfinderMatch6.x-1.0

danielbfinderMatch6.x-1.0alpha1

danielbfinderMatch6.x-1.0alpha10

danielbfinderMatch6.x-1.0alpha11

danielbfinderMatch6.x-1.0alpha12

danielbfinderMatch6.x-1.0alpha13

danielbfinderMatch6.x-1.0alpha14

danielbfinderMatch6.x-1.0alpha15

danielbfinderMatch6.x-1.0alpha16

danielbfinderMatch6.x-1.0alpha17

danielbfinderMatch6.x-1.0alpha18

danielbfinderMatch6.x-1.0alpha19

danielbfinderMatch6.x-1.0alpha2

danielbfinderMatch6.x-1.0alpha20

danielbfinderMatch6.x-1.0alpha21

danielbfinderMatch6.x-1.0alpha22

danielbfinderMatch6.x-1.0alpha23

danielbfinderMatch6.x-1.0alpha24

danielbfinderMatch6.x-1.0alpha25

danielbfinderMatch6.x-1.0alpha26

danielbfinderMatch6.x-1.0alpha27

danielbfinderMatch6.x-1.0alpha28

danielbfinderMatch6.x-1.0alpha3

danielbfinderMatch6.x-1.0alpha4

danielbfinderMatch6.x-1.0alpha5

danielbfinderMatch6.x-1.0alpha6

danielbfinderMatch6.x-1.0alpha7

danielbfinderMatch6.x-1.0alpha8

danielbfinderMatch6.x-1.0alpha9

danielbfinderMatch6.x-1.0beta1

danielbfinderMatch6.x-1.0beta2

danielbfinderMatch6.x-1.0beta3

danielbfinderMatch6.x-1.0rc1

danielbfinderMatch6.x-1.0rc2

danielbfinderMatch6.x-1.0rc3

danielbfinderMatch6.x-1.0rc4

danielbfinderMatch6.x-1.0unstable0

danielbfinderMatch6.x-1.0unstable1

danielbfinderMatch6.x-1.0unstable2

danielbfinderMatch6.x-1.0unstable3

danielbfinderMatch6.x-1.0unstable4

danielbfinderMatch6.x-1.0unstable5

danielbfinderMatch6.x-1.0unstable6

danielbfinderMatch6.x-1.0unstable7

danielbfinderMatch6.x-1.1

danielbfinderMatch6.x-1.2

danielbfinderMatch6.x-1.3

danielbfinderMatch6.x-1.4

danielbfinderMatch6.x-1.5

danielbfinderMatch6.x-1.6

danielbfinderMatch6.x-1.7

danielbfinderMatch6.x-1.8

danielbfinderMatch6.x-1.9

danielbfinderMatch6.x-1.10

danielbfinderMatch6.x-1.11

danielbfinderMatch6.x-1.12

danielbfinderMatch6.x-1.13

danielbfinderMatch6.x-1.14

danielbfinderMatch6.x-1.15

danielbfinderMatch6.x-1.16

danielbfinderMatch6.x-1.17

danielbfinderMatch6.x-1.18

danielbfinderMatch6.x-1.19

danielbfinderMatch6.x-1.20

danielbfinderMatch6.x-1.21

danielbfinderMatch6.x-1.23

danielbfinderMatch6.x-1.24

danielbfinderMatch6.x-1.25

danielbfinderMatch6.x-1.x-dev

danielbfinderMatch7.x-1.0

danielbfinderMatch7.x-1.1

danielbfinderMatch7.x-1.2

danielbfinderMatch7.x-1.3

danielbfinderMatch7.x-1.4

danielbfinderMatch7.x-1.5

danielbfinderMatch7.x-1.6

danielbfinderMatch7.x-1.xdev

danielbfinderMatch7.x-2.0alpha1

danielbfinderMatch7.x-2.0alpha2

danielbfinderMatch7.x-2.0alpha3

danielbfinderMatch7.x-2.0alpha4

danielbfinderMatch7.x-2.0alpha5

danielbfinderMatch7.x-2.0alpha6

danielbfinderMatch7.x-2.xdev

CPENameOperatorVersion
danielb:finderdanielb findereq6.x-1.0
danielb:finderdanielb findereq6.x-1.1
danielb:finderdanielb findereq6.x-1.2
danielb:finderdanielb findereq6.x-1.3
danielb:finderdanielb findereq6.x-1.4
danielb:finderdanielb findereq6.x-1.5
danielb:finderdanielb findereq6.x-1.6
danielb:finderdanielb findereq6.x-1.7
danielb:finderdanielb findereq6.x-1.8
danielb:finderdanielb findereq6.x-1.9

CPE	Name	Operator	Version
danielb:finder	danielb finder	eq	6.x-1.0
danielb:finder	danielb finder	eq	6.x-1.1
danielb:finder	danielb finder	eq	6.x-1.2
danielb:finder	danielb finder	eq	6.x-1.3
danielb:finder	danielb finder	eq	6.x-1.4
danielb:finder	danielb finder	eq	6.x-1.5
danielb:finder	danielb finder	eq	6.x-1.6
danielb:finder	danielb finder	eq	6.x-1.7
danielb:finder	danielb finder	eq	6.x-1.8
danielb:finder	danielb finder	eq	6.x-1.9

Rows per page:

1-10 of 361

References

drupal.org/node/1432318

drupal.org/node/1432320

drupalcode.org/project/finder.git/commit/13e2d0c

drupalcode.org/project/finder.git/commit/58443aa

secunia.com/advisories/47941

secunia.com/advisories/47943

www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities

www.openwall.com/lists/oss-security/2012/03/16/9

www.openwall.com/lists/oss-security/2012/03/19/9

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/79015

drupal.org/node/1432970

exchange.xforce.ibmcloud.com/vulnerabilities/73110

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for CVE-2012-1561

cvelist2 prion2 nvd2 cve1