Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-2298
Last Modified: 18 Dec 2012 11:53:05
Published: 14 Aug 2012 06:55:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-2298

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."

Vulnerable Systems

Application

  • Drupal Realname 6.x-1.2

  • Nancy Wichmann Realname 6.x-1.0

  • Nancy Wichmann Realname 6.x-1.1

  • Nancy Wichmann Realname 6.x-1.2

  • Nancy Wichmann Realname 6.x-1.3

  • Nancy Wichmann Realname 6.x-1.4

  • Nancy Wichmann Realname 6.x-1.x


References

BID - 53250

MLIST - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules

MLIST - [oss-security] 20120502 CVE Request for Drupal contributed modules

SECUNIA - 48936

CONFIRM - http://drupalcode.org/project/realname.git/commitdiff/b920794

CONFIRM - http://drupalcode.org/project/realname.git/commitdiff/41786d0

MISC - http://drupal.org/node/1547660

CONFIRM - http://drupal.org/node/1547352

XF - realname-unspecified-xss(75181)


Last Updated: 27 May 2016 10:51:41