2.1
CVE-2012-2705
- EPSS 1.61%
- Veröffentlicht 27.06.2012 00:55:04
- Zuletzt bearbeitet 16.06.2026 23:41:54
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.0
Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.1
Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.2
Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.x Updatedev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.61% | 0.727 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:N/AC:H/Au:S/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://drupal.org/node/1568216
http://drupal.org/node/1585564
http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a
http://secunia.com/advisories/49163
http://www.osvdb.org/82006
http://www.securityfocus.com/bid/53592
https://exchange.xforce.ibmcloud.com/vulnerabilities/75713