CVE-2012-1654

Published Sep 18, 2012

Last updated 3 months ago

CVSS info 2.1

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB728639-2074-4D1B-B2F8-340CC11D9A0F"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DDA6641-8C03-441F-9FBD-FE94631D5B76"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9CB631D-DA3B-42ED-97A7-4CFF0314EC1A"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54507125-93C3-46E7-9579-68C7F202C48B"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57FD52AA-026E-498F-A8ED-8E3992089EED"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00E5B498-BBBF-4696-AE8F-9DCC3B445ED2"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7E7DD44-0469-4EE8-937D-0A567FABB195"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61F28522-D5D0-44F7-B946-8A8F59286FE0"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51D3A98-B9CC-460B-AF52-17177753B9D1"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2961C9CB-0DEE-4564-8BBB-EEEAC33462E3"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05C2A3F7-D562-4804-968C-D2F3880CF1B9"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C437C5F7-06C1-4205-81E0-086AB4AF02B3"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A865BF6-88A2-45BF-8241-3CA4F5490B7B"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.0:alpha9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03BDEBCD-9BC0-47DD-AF9F-1A05226057CB"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:6.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EC3708D-5380-4089-A575-652938360E71"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:7.x-1.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A777509-4DA9-47E3-BC1A-DD30FA2809D3"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:7.x-1.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "640F87B6-57F9-4554-B043-798F9035E951"
          },
          {
            "criteria": "cpe:2.3:a:alex_barth:data:7.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F48C3ABD-943B-4463-852D-833327A465F4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References