Lucene search

[email protected]CVE-2012-4474

HistoryNov 30, 2012 - 10:55 p.m.

CVE-2012-4474

2012-11-3022:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-4474

cross-site scripting

xss

colorbox node module

drupal

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Affected configurations

NVD

Node

colorbox_nodedennis_blakeMatch7.x-2.0

colorbox_nodedennis_blakeMatch7.x-2.1

AND

drupaldrupalMatch-

CPENameOperatorVersion
colorbox_node:dennis_blakecolorbox node dennis blakeeq7.x-2.0
colorbox_node:dennis_blakecolorbox node dennis blakeeq7.x-2.1

CPE	Name	Operator	Version
colorbox_node:dennis_blake	colorbox node dennis blake	eq	7.x-2.0
colorbox_node:dennis_blake	colorbox node dennis blake	eq	7.x-2.1

References

drupal.org/node/1679410

drupal.org/node/1679486

www.openwall.com/lists/oss-security/2012/10/04/3

www.securityfocus.com/bid/54406

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON

Related for CVE-2012-4474

prion1 cvelist1 nvd1 drupal1