CVE-2012-0914

Published Jan 24, 2012

Last updated 7 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F7FDB15-3B06-43AA-8FDF-DCCA137EAEAF"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11733CB-B68B-4DC4-90E8-75EDB2A9D616"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DFF9E8E-3C0C-4E07-8C65-7E928E71563C"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F2BB012-22DF-42E2-89F4-5542EAB21107"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70775F0F-3B57-417E-B116-3CFD43B83B66"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4A7B0F5-A9CC-4287-8247-D44B71A0C46D"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5F0B91-A3B1-4A8D-B64A-4ECD94CA94C1"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6347ECE0-2C66-47D5-9B57-D5BA0D6F4C91"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A162DC0-D61B-404D-914F-F058D2DED47C"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0DE2442-F0A0-400A-AC91-61B331330D10"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C90BD49E-2583-4BC3-91E7-9B104251ECD4"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B49552D8-63A9-40C3-8D24-AB345996CFF3"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D4030F8-497F-46A3-A6B4-CC0CD7DBBFAC"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0CC32BC-3EE5-4743-B89A-3C13FEDB033A"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D13FAA1B-E84F-4215-A7B4-44D5A3802879"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13A37FE9-FA07-4566-9D64-E73385656077"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB6B4223-3E5B-4F60-B0EF-E1C9B086F97C"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCDE6A13-FB05-4016-8793-FDA4D8543E5A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B440A22-6241-4452-A5FE-0C41CE77FE27"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB849863-7CD4-4B7E-8136-CF94FCF714A8"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97AB2AD-24F8-4080-9E0A-5291FC05FBAA"
          },
          {
            "criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA78D313-CFCF-4AD4-A3F1-9CADD135B8EC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References