Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-2069
Last Modified 30 Oct 2012 12:03:47
Published 06 Sep 2012 01:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2069

Summary

Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.

Vulnerable Systems

Application

  • Mclewin Wishlist 6.x-2.1

  • Mclewin Wishlist 6.x-2.2

  • Mclewin Wishlist 6.x-2.4

  • Mclewin Wishlist 7.x-2.5

  • Mclewin Wishlist 7.x-2.x


References

CONFIRM - http://drupalcode.org/project/wishlist.git/commit/73aaf98

CONFIRM - http://drupalcode.org/project/wishlist.git/commit/6660c33

MISC - http://drupal.org/node/1492624

CONFIRM - http://drupal.org/node/1483636

CONFIRM - http://drupal.org/node/1483634

BID - 52660

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

MISC - http://www.madirish.net/content/drupal-wishlist-6x-24-xss-vulnerability

SECUNIA - 48486


Last Updated: 27 May 2016 11:00:28