Lucene search

[email protected]CVE-2012-2065

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-2065

2022-10-0316:15:35

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2065

cross-site scripting

xss

language icons module

drupal

nvd

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.2%

JSON

Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

fresolanguageiconsMatch6.x-2.0

fresolanguageiconsMatch6.x-2.0alpha1

fresolanguageiconsMatch6.x-2.0rc1

fresolanguageiconsMatch6.x-2.0rc2

fresolanguageiconsMatch6.x-2.1rc1

fresolanguageiconsMatch6.x-2.xdev

fresolanguageiconsMatch7.x-1.0alpha1

fresolanguageiconsMatch7.x-1.0beta1

fresolanguageiconsMatch7.x-1.0rc1

fresolanguageiconsMatch7.x-1.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
freso:languageiconsfreso languageiconseq6.x-2.0
freso:languageiconsfreso languageiconseq6.x-2.1
freso:languageiconsfreso languageiconseq6.x-2.x
freso:languageiconsfreso languageiconseq7.x-1.0
freso:languageiconsfreso languageiconseq7.x-1.x

CPE	Name	Operator	Version
freso:languageicons	freso languageicons	eq	6.x-2.0
freso:languageicons	freso languageicons	eq	6.x-2.1
freso:languageicons	freso languageicons	eq	6.x-2.x
freso:languageicons	freso languageicons	eq	7.x-1.0
freso:languageicons	freso languageicons	eq	7.x-1.x

References

drupal.org/node/1482136

drupal.org/node/1482144

drupal.org/node/1482428

drupalcode.org/project/languageicons.git/commit/be620bb

drupalcode.org/project/languageicons.git/commit/e3f3f1f

secunia.com/advisories/48405

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/80070

www.securityfocus.com/bid/52499

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.2%

JSON

Related for CVE-2012-2065

cvelist1 nvd1 prion1 drupal1