Lucene search

[email protected]NVD:CVE-2012-2066

HistorySep 05, 2012 - 12:55 a.m.

CVE-2012-2066

2012-09-0500:55:15

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

ckeditorfckeditorMatch6.x-1.1

ckeditorfckeditorMatch6.x-1.1beta

ckeditorfckeditorMatch6.x-1.1beta2

ckeditorfckeditorMatch6.x-1.2

ckeditorfckeditorMatch6.x-1.2-1

ckeditorfckeditorMatch6.x-1.3

ckeditorfckeditorMatch6.x-1.3beta

ckeditorfckeditorMatch6.x-1.3beta2

ckeditorfckeditorMatch6.x-1.3rc1

ckeditorfckeditorMatch6.x-1.3rc2

ckeditorfckeditorMatch6.x-1.3rc3

ckeditorfckeditorMatch6.x-1.3rc5

ckeditorfckeditorMatch6.x-1.3rc6

ckeditorfckeditorMatch6.x-1.3rc7

ckeditorfckeditorMatch6.x-1.4

ckeditorfckeditorMatch6.x-1.4rc1

ckeditorfckeditorMatch6.x-1.4rc2

ckeditorfckeditorMatch6.x-1.xdev

ckeditorfckeditorMatch6.x-2.0

ckeditorfckeditorMatch6.x-2.0alpha1

ckeditorfckeditorMatch6.x-2.0alpha3

ckeditorfckeditorMatch6.x-2.0alpha4

ckeditorfckeditorMatch6.x-2.0alpha5

ckeditorfckeditorMatch6.x-2.0beta1

ckeditorfckeditorMatch6.x-2.0beta2

ckeditorfckeditorMatch6.x-2.0beta3

ckeditorfckeditorMatch6.x-2.0beta4

ckeditorfckeditorMatch6.x-2.0rc1

ckeditorfckeditorMatch6.x-2.0rc2

ckeditorfckeditorMatch6.x-2.1

ckeditorfckeditorMatch6.x-2.1rc1

ckeditorfckeditorMatch6.x-2.2

ckeditorfckeditorMatch6.x-2.2rc1

ckeditorfckeditorMatch6.x-2.3

ckeditorfckeditorMatch6.x-2.xdev

AND

drupaldrupalMatch-

Node

ckeditorckeditorMatch6.x-1.0

ckeditorckeditorMatch6.x-1.0beta1

ckeditorckeditorMatch6.x-1.1

ckeditorckeditorMatch6.x-1.2

ckeditorckeditorMatch6.x-1.3

ckeditorckeditorMatch6.x-1.4

ckeditorckeditorMatch6.x-1.5

ckeditorckeditorMatch6.x-1.6

ckeditorckeditorMatch6.x-1.7

ckeditorckeditorMatch6.x-1.xdev

ckeditorckeditorMatch7.x-1.0

ckeditorckeditorMatch7.x-1.0rc1

ckeditorckeditorMatch7.x-1.1

ckeditorckeditorMatch7.x-1.2

ckeditorckeditorMatch7.x-1.3

ckeditorckeditorMatch7.x-1.4

ckeditorckeditorMatch7.x-1.5

ckeditorckeditorMatch7.x-1.6

ckeditorckeditorMatch7.x-1.xdev

AND

drupaldrupalMatch-

References

drupal.org/node/1482442

drupal.org/node/1482466

drupal.org/node/1482480

drupal.org/node/1482528

secunia.com/advisories/48435

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/80079

exchange.xforce.ibmcloud.com/vulnerabilities/74036

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for NVD:CVE-2012-2066

cve1 cvelist1 prion1 drupal1