CVE-2012-2705

EPSS 0.32%
Veröffentlicht 27.06.2012 00:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.0

Drupal ≫ Drupal Version-

Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.1

Drupal ≫ Drupal Version-

Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.2

Drupal ≫ Drupal Version-

Christopher Mitchell ≫ Smart Breadcrumb Version6.x-1.x Updatedev

Drupal ≫ Drupal Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.551

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2012/06/14/3

http://drupal.org/node/1568216

Patch

http://drupal.org/node/1585564

Patch

Vendor Advisory

http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a

Patch

http://secunia.com/advisories/49163

Vendor Advisory

http://www.osvdb.org/82006

http://www.securityfocus.com/bid/53592