Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1561

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1561
Last Modified 08 Apr 2014 12:55:37
Published 08 Apr 2014 10:22:09
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1561

Summary

Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."

Vulnerable Systems

Application

  • Danielb Finder 6.x-1.0

  • Danielb Finder 6.x-1.1

  • Danielb Finder 6.x-1.10

  • Danielb Finder 6.x-1.11

  • Danielb Finder 6.x-1.12

  • Danielb Finder 6.x-1.13

  • Danielb Finder 6.x-1.14

  • Danielb Finder 6.x-1.15

  • Danielb Finder 6.x-1.16

  • Danielb Finder 6.x-1.17

  • Danielb Finder 6.x-1.18

  • Danielb Finder 6.x-1.19

  • Danielb Finder 6.x-1.2

  • Danielb Finder 6.x-1.20

  • Danielb Finder 6.x-1.21

  • Danielb Finder 6.x-1.23

  • Danielb Finder 6.x-1.24

  • Danielb Finder 6.x-1.25

  • Danielb Finder 6.x-1.3

  • Danielb Finder 6.x-1.4

  • Danielb Finder 6.x-1.5

  • Danielb Finder 6.x-1.6

  • Danielb Finder 6.x-1.7

  • Danielb Finder 6.x-1.8

  • Danielb Finder 6.x-1.9

  • Danielb Finder 6.x-1.x-dev

  • Danielb Finder 7.x-1.0

  • Danielb Finder 7.x-1.1

  • Danielb Finder 7.x-1.2

  • Danielb Finder 7.x-1.3

  • Danielb Finder 7.x-1.4

  • Danielb Finder 7.x-1.5

  • Danielb Finder 7.x-1.6

  • Danielb Finder 7.x-1.x

  • Danielb Finder 7.x-2.0

  • Danielb Finder 7.x-2.x


References

MISC - https://drupal.org/node/1432970

XF - drupal-finder-unspecified-xss(73110)

OSVDB - 79015

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

MLIST - [oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017

MLIST - [oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017

MISC - http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities

SECUNIA - 47943

SECUNIA - 47941

CONFIRM - http://drupalcode.org/project/finder.git/commit/58443aa

CONFIRM - http://drupalcode.org/project/finder.git/commit/13e2d0c

CONFIRM - http://drupal.org/node/1432320

CONFIRM - http://drupal.org/node/1432318


Last Updated: 27 May 2016 11:04:52