Lucene search

K

RedhatCVELIST:CVE-2012-2726

HistoryJun 27, 2012 - 12:00 a.m.

CVE-2012-2726

2012-06-2700:00:00

redhat

www.cve.org

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the “administer protest” permission to inject arbitrary web script or HTML via the protest_body parameter.

References

drupal.org/node/1618090

drupal.org/node/1618092

drupal.org/node/1619856

drupalcode.org/project/protest.git/commitdiff/c85eaed

drupalcode.org/project/protest.git/commitdiff/cf8c543

secunia.com/advisories/49386

www.openwall.com/lists/oss-security/2012/06/14/3

www.osvdb.org/82715

exchange.xforce.ibmcloud.com/vulnerabilities/76126

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

Related for CVELIST:CVE-2012-2726

nvd1 drupal1 cve1 prion1