CVE-2012-2703
Published Jun 27, 2012
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAD47B31-B8A7-46FA-B325-126CDFAC8071"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:alpha1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B87E3AFE-D34A-417B-9DC9-CF410BFD22D3"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:alpha2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93BE3F3F-942A-45F2-9070-8AB64BF2194E"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D270452-8964-4881-928B-14CD330ED054"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42C07D4A-3050-43A1-920A-CCC9EFC3F007"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29F34825-9D5F-45EF-BB31-36F928322824"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:beta4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "947DCCEA-144E-4A86-8E48-10AD73ADF69F"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:beta5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EDF5EE1-2DC4-4A2F-BFBA-6733712DA380"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0:beta6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13A2A021-9811-48DE-85DC-9977A1F987AC"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.0-rc1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D59682D-C67A-45EA-8B87-7AF802EC12EA"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66C4505D-8AEA-42E7-A1B6-C82F5C03C672"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.1:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C046B0A-50FB-4AFD-A0F6-C7404D83C677"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "156BDB19-33A4-4B42-821F-9E738EAAAA40"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.2:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B337EC9F-6B83-4825-8B36-6D62459FF466"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.3:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6310D3F-BE5A-4EA9-AD7D-0D35D38C3752"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.3:dev:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E556220B-E3B1-434C-A040-2E7F0E66AFB5"
},
{
"criteria": "cpe:2.3:a:john_franklin:advertisement:6.x-2.x:dev:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E89403F8-8E75-4CAD-BF67-6B66A794B16C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]