Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2717

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2717
Last Modified 28 Jun 2012 12:00:00
Published 27 Jun 2012 05:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2717

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.

Vulnerable Systems

Application

  • Mathew Winstone Mobile Tools 6.x-2.0

  • Mathew Winstone Mobile Tools 6.x-2.1

  • Mathew Winstone Mobile Tools 6.x-2.2

  • Mathew Winstone Mobile Tools 6.x-2.x


References

XF - drupal-mobiletools-unspecified-xss(76002)

BID - 53734

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

MISC - http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss

SECUNIA - 49318

OSVDB - 82410

CONFIRM - http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc

MISC - http://drupal.org/node/1608828

CONFIRM - http://drupal.org/node/1169008


Last Updated: 27 May 2016 10:56:35