PRIOn knowledge basePRION:CVE-2012-2075

HistoryAug 14, 2012 - 11:55 p.m.

Cross site scripting

2012-08-1423:55:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
contact_saveeq6.120.10
contact_saveeq6.x-1.1 beta1
contact_saveeq6.120.11
contact_saveeq6.x-1.2 beta3
contact_saveeq6.120.12
contact_saveeq6.x-1.2 beta1
contact_saveeq6.x-1.2 beta2
contact_saveeq6.x-1.3 beta1
contact_saveeq6.120.13
contact_saveeq6.x-1.3 beta2

Name	Operator	Version
contact_save	eq	6.120.10
contact_save	eq	6.x-1.1 beta1
contact_save	eq	6.120.11
contact_save	eq	6.x-1.2 beta3
contact_save	eq	6.120.12
contact_save	eq	6.x-1.2 beta1
contact_save	eq	6.x-1.2 beta2
contact_save	eq	6.x-1.3 beta1
contact_save	eq	6.120.13
contact_save	eq	6.x-1.3 beta2

Rows per page:

1-10 of 161

References

drupalcode.org/project/contact_save.git/commit/0654894

osvdb.org/80669

secunia.com/advisories/48619

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/52787

drupal.org/node/1506438

drupal.org/node/953788

exchange.xforce.ibmcloud.com/vulnerabilities/74515