Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1634

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1634
Last Modified 08 Oct 2012 12:00:00
Published 06 Oct 2012 05:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1634

Summary

Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.

Vulnerable Systems

Application

  • Hans Nilsson Video Filter 6.x-2.0

  • Hans Nilsson Video Filter 6.x-2.1

  • Hans Nilsson Video Filter 6.x-2.2

  • Hans Nilsson Video Filter 6.x-2.3

  • Hans Nilsson Video Filter 6.x-2.4

  • Hans Nilsson Video Filter 6.x-2.5

  • Hans Nilsson Video Filter 6.x-2.6

  • Hans Nilsson Video Filter 6.x-2.7

  • Hans Nilsson Video Filter 6.x-2.8

  • Hans Nilsson Video Filter 6.x-2.x

  • Hans Nilsson Video Filter 7.x-2.x


References

XF - videofilter-unspecified-xss(72359)

BID - 51381

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

MISC - http://justin.madirish.net/content/drupal-video-filter-6x-28-xss-vulnerability

CONFIRM - http://drupalcode.org/project/video_filter.git/commit/c90c86e

CONFIRM - http://drupalcode.org/project/video_filter.git/commit/49680a6

MISC - http://drupal.org/node/1401838


Last Updated: 27 May 2016 11:00:54