Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2712

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-2712
Last Modified 27 Jun 2012 12:00:00
Published 26 Jun 2012 08:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2712

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.

Vulnerable Systems

Application

  • Thomas Seidl Search Api 7.x-1.0

  • Thomas Seidl Search Api 7.x-1.x


References

XF - searchapi-exceptions-errors-xss(75868)

BID - 53672

OSVDB - 82230

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

SECUNIA - 49236

CONFIRM - http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c

MISC - http://drupal.org/node/1597364

CONFIRM - http://drupal.org/node/1596524


Last Updated: 27 May 2016 10:56:35