Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2068

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-2068
Last Modified 11 Sep 2012 12:00:00
Published 04 Sep 2012 08:55:15
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2012-2068

Summary

Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter.

Vulnerable Systems

Application

  • Tiger-fish Fancy Slide 6.x-2.2

  • Tiger-fish Fancy Slide 6.x-2.4

  • Tiger-fish Fancy Slide 6.x-2.5

  • Tiger-fish Fancy Slide 6.x-2.6

  • Tiger-fish Fancy Slide 6.x-2.x


References

XF - fancyslide-createslideshowblocks-xss(74070)

BID - 52513

OSVDB - 80069

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

SECUNIA - 48412

CONFIRM - http://drupalcode.org/project/fancy_slide.git/commit/cd2a424

MISC - http://drupal.org/node/1482744

CONFIRM - http://drupal.org/node/1417688


Last Updated: 27 May 2016 11:00:27