Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2082

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-2082
Last Modified 19 Jun 2015 10:19:51
Published 14 Aug 2012 07:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2012-2082

Summary

Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.

Vulnerable Systems

Application

  • Chaos Tool Suite Project Ctools 7.x-1.0

  • Chaos Tool Suite Project Ctools 7.x-1.x

  • Merlinofchaos Chaos Tool Suite 7.x-1.0

  • Merlinofchaos Chaos Tool Suite 7.x-1.x

  • Merlinofchaos Chaos Tool Suite 7.x-1.x-dev


References

XF - drupal-chaos-unspecified-xss(74481)

BID - 52794

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

SECUNIA - 48616

OSVDB - 80679

CONFIRM - http://drupalcode.org/project/ctools.git/commit/755b3c4

MISC - http://drupal.org/node/1507466

CONFIRM - http://drupal.org/node/1507412


Last Updated: 27 May 2016 11:09:02