5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
77.5%
CVE: CVE-2012-2096
The Fivestar module enables you to add a voting widget to nodes and comments.
The module does not sufficiently validate all votes passed by the asynchronous voting widget allowing a malicious user to improperly modify voting averages.
Drupal core is not affected. If you do not use the contributed Fivestar module, there is nothing you need to do.
Install the latest version:
Also see the Fivestar project page.