CVE-2012-6583

Опубликовано: 23 авг. 2013

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.

Ссылки

http://osvdb.org/85679
http://secunia.com/advisories/50683
Vendor Advisory
http://www.securityfocus.com/bid/55610
https://drupal.org/node/1788726
Patch
https://drupal.org/node/1789260
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/78697
http://osvdb.org/85679
http://secunia.com/advisories/50683
Vendor Advisory
http://www.securityfocus.com/bid/55610
https://drupal.org/node/1788726
Patch
https://drupal.org/node/1789260
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/78697

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.2:*:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.3:*:*:*:*:*:*:*

cpe:2.3:a:imagemenu_project:imagemenu:6.x-1.x:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00335

Низкий

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vp4v-c5px-9wg2

github

около 3 лет назад