Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2297

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-2297
Last Modified 27 Aug 2012 12:00:00
Published 26 Aug 2012 05:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2012-2297

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter.

Vulnerable Systems

Application

  • Creative Commons Module Project Creativecommons 6.x-1.0


References

XF - creativecommons-licensedescription-xss(75180)

BID - 53248

MLIST - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules

MLIST - [oss-security] 20120502 CVE Request for Drupal contributed modules

MISC - http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability

SECUNIA - 48937

MISC - http://drupal.org/node/1547520

CONFIRM - http://drupal.org/node/1547478


Last Updated: 27 May 2016 11:00:18