4.3
CVE-2012-1561
- EPSS 3.01%
- Published 08.04.2014 14:22:09
- Last modified 06.05.2026 22:30:45
- Source secalert@redhat.com
Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."
Data is provided by the National Vulnerability Database (NVD)
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.01% | 0.857 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://drupal.org/node/1432318
http://drupal.org/node/1432320
http://secunia.com/advisories/47943
http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities
http://www.openwall.com/lists/oss-security/2012/03/16/9
http://www.openwall.com/lists/oss-security/2012/03/19/9
https://drupal.org/node/1432970
http://drupalcode.org/project/finder.git/commit/13e2d0c
http://drupalcode.org/project/finder.git/commit/58443aa
http://secunia.com/advisories/47941
http://www.osvdb.org/79015
https://exchange.xforce.ibmcloud.com/vulnerabilities/73110