Lucene search
HistoryJun 27, 2012 - 12:55 a.m.
CVE-2012-2703
cve-2012-2703
cross-site scripting
xss
advertisement module
drupal
debug mode
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the “$conf variable in settings.php.”
Affected configurations
Node
john_franklinadvertisementMatch6.x-2.0
ORjohn_franklinadvertisementMatch6.x-2.0alpha1
ORjohn_franklinadvertisementMatch6.x-2.0alpha2
ORjohn_franklinadvertisementMatch6.x-2.0beta1
ORjohn_franklinadvertisementMatch6.x-2.0beta2
ORjohn_franklinadvertisementMatch6.x-2.0beta3
ORjohn_franklinadvertisementMatch6.x-2.0beta4
ORjohn_franklinadvertisementMatch6.x-2.0beta5
ORjohn_franklinadvertisementMatch6.x-2.0beta6
ORjohn_franklinadvertisementMatch6.x-2.0-rc1
ORjohn_franklinadvertisementMatch6.x-2.1
ORjohn_franklinadvertisementMatch6.x-2.1rc1
ORjohn_franklinadvertisementMatch6.x-2.2
ORjohn_franklinadvertisementMatch6.x-2.2rc1
ORjohn_franklinadvertisementMatch6.x-2.3beta1
ORjohn_franklinadvertisementMatch6.x-2.3dev
ORjohn_franklinadvertisementMatch6.x-2.xdev
drupaldrupalMatch-
Related
prion
prion
Cross site scripting
2012-06-27 00:55:00
nvd
nvd
CVE-2012-2703
2012-06-27 00:55:02
cvelist
cvelist
CVE-2012-2703
2012-06-27 00:00:00
drupal
drupal
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%
Related for CVE-2012-2703