4.3
CVE-2012-2717
- EPSS 2.46%
- Veröffentlicht 27.06.2012 21:55:03
- Zuletzt bearbeitet 16.06.2026 23:41:56
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mathew Winstone ≫ Mobile Tools Version6.x-2.0
Mathew Winstone ≫ Mobile Tools Version6.x-2.1
Mathew Winstone ≫ Mobile Tools Version6.x-2.2
Mathew Winstone ≫ Mobile Tools Version6.x-2.x Updatedev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.46% | 0.824 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://drupal.org/node/1169008
http://drupal.org/node/1608828
http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc
http://osvdb.org/82410
http://secunia.com/advisories/49318
http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss
http://www.securityfocus.com/bid/53734
https://exchange.xforce.ibmcloud.com/vulnerabilities/76002