Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5
CVE Id CVE-2012-2725
Last Modified 27 Jun 2012 12:00:00
Published 26 Jun 2012 08:55:05
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-2725

Summary

classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.

Vulnerable Systems

Application

  • Authoring Html 6.x-1.0


References

XF - authoringhtml-embeddedscripts-xss(76127)

OSVDB - 82739

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

SECUNIA - 49387

CONFIRM - http://drupalcode.org/project/authoring_html.git/commitdiff/ceae1ab

MISC - http://drupal.org/node/1619852

CONFIRM - http://drupal.org/node/1619086


Last Updated: 27 May 2016 10:56:35