Lucene search
RedhatCVE-2012-2710HistoryJun 27, 2012 - 12:55 a.m.
CVE-2012-2710
2012-06-2700:55:04
CWE-79
redhat
web.nvd.nist.gov
22
cve-2012-2710
xss
vulnerability
zen module
drupal
remote attackers
web script
html
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.003
Percentile
65.5%
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when “Append the content title to the end of the breadcrumb” is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
Affected configurations
Node
john_albinzenMatch6.x-1.0
ORjohn_albinzenMatch6.x-1.0beta2
ORjohn_albinzenMatch6.x-1.0beta3
ORjohn_albinzenMatch6.x-1.0beta1
ORjohn_albinzenMatch6.x-1.xdev
drupaldrupalMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| john_albin | zen | 6.x-1.0 | cpe:2.3:a:john_albin:zen:6.x-1.0:*:*:*:*:*:*:* |
| john_albin | zen | 6.x-1.0 | cpe:2.3:a:john_albin:zen:6.x-1.0:beta2:*:*:*:*:*:* |
| john_albin | zen | 6.x-1.0 | cpe:2.3:a:john_albin:zen:6.x-1.0:beta3:*:*:*:*:*:* |
| john_albin | zen | 6.x-1.0beta1 | cpe:2.3:a:john_albin:zen:6.x-1.0beta1:*:*:*:*:*:*:* |
| john_albin | zen | 6.x-1.x | cpe:2.3:a:john_albin:zen:6.x-1.x:dev:*:*:*:*:*:* |
| drupal | drupal | - | cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:* |
Related
drupal
drupal
SA-CONTRIB-2012-082 - Zen - Cross Site Scripting
2012-05-16 00:00:00
nvd
nvd
CVE-2012-2710
2012-06-27 00:55:04
prion
prion
Cross site scripting
2012-06-27 00:55:00
cvelist
cvelist
CVE-2012-2710
2012-06-27 00:00:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.003
Percentile
65.5%
Related for CVE-2012-2710