CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile: 99.7%
These modules enable you to substitute text emoticons, like :-), with images.
These modules don’t sufficiently sanitize user-defined smiley acronyms before displaying smiley images.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer smiley”.
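The sanitization gap described above, as an added PHP illustration that is not code from the Smiley or Smileys module. It assumes the stored acronym is written into the alt/title attributes of the generated image tag; the function names and sample smileys are hypothetical.

```php
<?php
// Added illustration, not code from the Smiley or Smileys module.
// Assumption: the acronym ends up in the alt/title attributes of the <img> tag.

// Constructed sample data: acronym => image file, as set on the admin form.
$smileys = [
    ':-)'       => 'smile.png',
    '<b>:x</b>' => 'mad.png', // constructed acronym containing markup characters
];

// Escape a value for HTML text or a quoted attribute.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Insufficient: the stored acronym is concatenated into markup as-is.
function smiley_img_unescaped(string $acronym, string $file): string {
    return '<img src="/smileys/' . $file . '" alt="' . $acronym . '" />';
}

// Hardened: every stored value is encoded at the point of output.
function smiley_img(string $acronym, string $file): string {
    return sprintf('<img src="/smileys/%s" alt="%s" title="%s" />',
        esc(rawurlencode(basename($file))), esc($acronym), esc($acronym));
}

// Replace acronyms in user text. The text is escaped first, so acronyms
// are matched in their escaped form; strtr() never rescans inserted tags.
function render_smileys(string $text, array $smileys): string {
    $map = [];
    foreach ($smileys as $acronym => $file) {
        $acronym = (string) $acronym;
        if ($acronym === '') {
            continue; // strtr() cannot use an empty search key
        }
        $map[esc($acronym)] = smiley_img($acronym, $file);
    }
    return strtr(esc($text), $map);
}

echo smiley_img_unescaped('<b>:x</b>', 'mad.png'), "\n";
echo render_smileys('Hi :-) and <b>:x</b>', $smileys), "\n";
```

In Drupal 6 and 7 the equivalent of `esc()` is `check_plain()`, applied when the value is output rather than when it is saved.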
These two modules are based on the same codebase and Smiley was forked due to lack of new feature development in the Smileys project. This single Security Advisory covers the same issue in the code of both modules.
CVE: CVE-2012-5558
Drupal core is not affected. If you do not use the contributed Smiley module or the Smileys module, there is nothing you need to do.
Install the latest version:
Also see the Smiley project page.