CVE-2012-1627

Published Sep 20, 2012

Last updated 12 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B907789-ED9B-49DE-8C2F-29CAC5EBA1CF"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82F35C91-F4A9-46FE-9CCF-142F19B5CD27"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68BEFB84-92B6-4C98-BA2A-C54F261337A4"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD13A4C8-202E-4AF6-8CB3-FE8F444DD274"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB8E429C-9D6B-43A6-91A9-879FD5D4CC92"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E886F2B-26A2-46D8-84AF-997E91167094"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBC1ADD4-DE7C-461C-AB59-A446989DBE07"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AE6ACFB-7DC9-48DB-802B-8AFB99533A3D"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E9B9549-14F2-404D-9F75-8FF56D00DEC5"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "713FC890-282F-4BCC-9466-19F5025886C7"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61DC774A-C3DF-4307-9111-8B45AE079362"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-2.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "319D534E-1670-4384-83E4-3871510545CD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C22BF4F-084B-4BDD-A8B7-8EE95DFC5A99"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-3.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E0D3599-C980-4C51-8998-E7A4E05B1459"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-3.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05B7485A-E39C-482E-A396-17371629EEFF"
          },
          {
            "criteria": "cpe:2.3:a:marvil07:vote_up_down:6.x-3.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "838E6FB9-3A6A-449D-BD60-517E1A306159"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References