Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2711

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-2711
Last Modified 27 Jun 2012 12:00:00
Published 26 Jun 2012 08:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2012-2711

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.

Vulnerable Systems

Application

  • Nancy Wichmann Taxonomy List 6.x-1.0

  • Nancy Wichmann Taxonomy List 6.x-1.0-beta1

  • Nancy Wichmann Taxonomy List 6.x-1.1

  • Nancy Wichmann Taxonomy List 6.x-1.2

  • Nancy Wichmann Taxonomy List 6.x-1.3

  • Nancy Wichmann Taxonomy List 6.x-1.x-dev


References

XF - taxonomylist-taxonomyinformation-xss(75867)

BID - 53671

OSVDB - 82164

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

SECUNIA - 49238

CONFIRM - http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0

MISC - http://drupal.org/node/1597262

CONFIRM - http://drupal.org/node/1595396


Last Updated: 27 May 2016 10:56:35