exploitDog

CVE-2012-5705

Опубликовано: 01 нояб. 2012

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:justin_dodge:hotblocks:6.x-1.5:*:*:*:*:*:*:*

cpe:2.3:a:justin_dodge:hotblocks:6.x-1.6:*:*:*:*:*:*:*

cpe:2.3:a:justin_dodge:hotblocks:6.x-1.7:*:*:*:*:*:*:*

cpe:2.3:a:justin_dodge:hotblocks:6.x-1.x:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00232

Низкий

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-65mg-2397-hph9

github

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."

EPSS

Процентиль: 46%

0.00232

Низкий

2.1 Low

CVSS2

Дефекты

CWE-79