Lucene search

PRIOn knowledge basePRION:CVE-2012-2070

HistoryAug 14, 2012 - 11:55 p.m.

Cross site scripting

2012-08-1423:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title.

CPENameOperatorVersion
multiblockeq6.120.11
multiblockeq6.120.12
multiblockeq6.120.13
multiblockeq6.x-1.x dev
multiblockeq7.x-1.0 beta2
multiblockeq7.x-1.0 beta1
multiblockeq7.120.10
multiblockeq7.x-1.x dev

Name	Operator	Version
multiblock	eq	6.120.11
multiblock	eq	6.120.12
multiblock	eq	6.120.13
multiblock	eq	6.x-1.x dev
multiblock	eq	7.x-1.0 beta2
multiblock	eq	7.x-1.0 beta1
multiblock	eq	7.120.10
multiblock	eq	7.x-1.x dev

References

drupalcode.org/project/multiblock.git/commit/2c5177b

drupalcode.org/project/multiblock.git/commit/aee07d3

osvdb.org/80673

secunia.com/advisories/48588

www.madirish.net/content/drupal-multiblock-6x-13-xss-vulnerability

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52800

drupal.org/node/1505410

drupal.org/node/1505414

drupal.org/node/1506390

exchange.xforce.ibmcloud.com/vulnerabilities/74466