Lucene search

K

RedhatCVELIST:CVE-2012-2298

HistoryAug 14, 2012 - 10:00 p.m.

CVE-2012-2298

2012-08-1422:00:00

redhat

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) “user names in page titles” and (2) “autocomplete callbacks.”

References

drupal.org/node/1547352

drupal.org/node/1547660

drupalcode.org/project/realname.git/commitdiff/41786d0

drupalcode.org/project/realname.git/commitdiff/b920794

secunia.com/advisories/48936

www.openwall.com/lists/oss-security/2012/05/03/1

www.openwall.com/lists/oss-security/2012/05/03/2

www.securityfocus.com/bid/53250

exchange.xforce.ibmcloud.com/vulnerabilities/75181

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

Related for CVELIST:CVE-2012-2298

drupal1 prion1 nvd1 cve1