CVE-2012-6572

Published Jun 21, 2013

Last updated 7 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AE369F0-AE6A-4960-8292-1F62C4572B60"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.0-beta1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D90C6F86-56EE-49EC-B98D-8D080A48BE04"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.0-beta2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5678B885-1319-4797-81E9-6E273DBF1D89"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F480C048-D5BB-44E7-9CF6-CAD92883277C"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B593433-E784-4408-AB13-46205D41F170"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DC11E42-183F-4F2E-BBB4-0E4A75E25029"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70D2002B-1D1C-4522-84BF-CA848791F3D3"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B1297E1-9648-47D8-8795-3EF3A2B40924"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8796DCF4-23C0-4BB2-92C7-65A454367846"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68C864EA-4763-4A26-BE59-AB7F979726BB"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE6A6F36-129A-4B3F-A6A8-66F22FE88ADE"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1EBA1D4-4E40-434D-BFB3-3D0709643674"
          },
          {
            "criteria": "cpe:2.3:a:kong:inf08:6.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D6836EA-841C-4C9A-B6F0-ED0AA72BCAE9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References