Lucene search

PRIOn knowledge basePRION:CVE-2012-2298

HistoryAug 14, 2012 - 10:55 p.m.

Cross site scripting

2012-08-1422:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) “user names in page titles” and (2) “autocomplete callbacks.”

CPENameOperatorVersion
realnameeq6.120.12
realnameeq6.x-1.0 alpha1
realnameeq6.120.10
realnameeq6.x-1.0 beta
realnameeq6.120.11
realnameeq6.x-1.1 rc3
realnameeq6.x-1.1 rc2
realnameeq6.x-1.1 rc1
realnameeq6.120.12
realnameeq6.120.13

Name	Operator	Version
realname	eq	6.120.12
realname	eq	6.x-1.0 alpha1
realname	eq	6.120.10
realname	eq	6.x-1.0 beta
realname	eq	6.120.11
realname	eq	6.x-1.1 rc3
realname	eq	6.x-1.1 rc2
realname	eq	6.x-1.1 rc1
realname	eq	6.120.12
realname	eq	6.120.13

Rows per page:

1-10 of 121

References

drupalcode.org/project/realname.git/commitdiff/41786d0

drupalcode.org/project/realname.git/commitdiff/b920794

secunia.com/advisories/48936

www.openwall.com/lists/oss-security/2012/05/03/1

www.openwall.com/lists/oss-security/2012/05/03/2

www.securityfocus.com/bid/53250

drupal.org/node/1547352

drupal.org/node/1547660

exchange.xforce.ibmcloud.com/vulnerabilities/75181