All the vulnerabilities related to thomas_seidl - search_api
cve-2012-2712
Vulnerability from cvelistv5
Published
2012-06-27 00:00
Modified
2024-08-06 19:42
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.
References
URL | Tags | |
---|---|---|
http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c | x_refsource_CONFIRM | |
http://drupal.org/node/1597364 | x_refsource_MISC | |
http://secunia.com/advisories/49236 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2012/06/14/3 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75868 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/82230 | vdb-entry, x_refsource_OSVDB | |
http://drupal.org/node/1596524 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/53672 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:31.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://drupal.org/node/1597364" }, { "name": "49236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49236" }, { "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" }, { "name": "searchapi-exceptions-errors-xss(75868)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75868" }, { "name": "82230", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/82230" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/1596524" }, { "name": "53672", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53672" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c" }, { "tags": [ "x_refsource_MISC" ], "url": "http://drupal.org/node/1597364" }, { "name": "49236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49236" }, { "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" }, { "name": "searchapi-exceptions-errors-xss(75868)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75868" }, { "name": "82230", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/82230" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/1596524" }, { "name": "53672", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53672" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c" }, { "name": "http://drupal.org/node/1597364", "refsource": "MISC", "url": "http://drupal.org/node/1597364" }, { "name": "49236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49236" }, { "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" }, { "name": "searchapi-exceptions-errors-xss(75868)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75868" }, { "name": "82230", "refsource": "OSVDB", "url": "http://www.osvdb.org/82230" }, { "name": "http://drupal.org/node/1596524", "refsource": "CONFIRM", "url": "http://drupal.org/node/1596524" }, { "name": "53672", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53672" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2712", "datePublished": "2012-06-27T00:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:31.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0181
Vulnerability from cvelistv5
Published
2013-03-27 21:00
Modified
2024-08-06 14:18
Summary
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
References
URL | Tags | |
---|---|---|
http://osvdb.org/89117 | vdb-entry, x_refsource_OSVDB | |
http://drupalcode.org/project/search_api.git/commitdiff/35b5728 | x_refsource_CONFIRM | |
http://secunia.com/advisories/51806 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2013/01/15/3 | mailing-list, x_refsource_MLIST | |
https://drupal.org/node/1884076 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/57231 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81153 | vdb-entry, x_refsource_XF | |
https://drupal.org/node/1884332 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "89117", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/89117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728" }, { "name": "51806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51806" }, { "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://drupal.org/node/1884076" }, { "name": "57231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57231" }, { "name": "drupal-searchapi-unspecified-xss(81153)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81153" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drupal.org/node/1884332" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "89117", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/89117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728" }, { "name": "51806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51806" }, { "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://drupal.org/node/1884076" }, { "name": "57231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57231" }, { "name": "drupal-searchapi-unspecified-xss(81153)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81153" }, { "tags": [ "x_refsource_MISC" ], "url": "https://drupal.org/node/1884332" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0181", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "89117", "refsource": "OSVDB", "url": "http://osvdb.org/89117" }, { "name": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728" }, { "name": "51806", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51806" }, { "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "name": "https://drupal.org/node/1884076", "refsource": "CONFIRM", "url": "https://drupal.org/node/1884076" }, { "name": "57231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57231" }, { "name": "drupal-searchapi-unspecified-xss(81153)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81153" }, { "name": "https://drupal.org/node/1884332", "refsource": "MISC", "url": "https://drupal.org/node/1884332" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0181", "datePublished": "2013-03-27T21:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5547
Vulnerability from cvelistv5
Published
2012-12-03 21:00
Modified
2024-09-17 03:14
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action.
References
URL | Tags | |
---|---|---|
http://drupal.org/node/1815770 | x_refsource_MISC | |
http://drupal.org/node/1815124 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/20/4 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:14.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://drupal.org/node/1815770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/1815124" }, { "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-03T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://drupal.org/node/1815770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/1815124" }, { "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://drupal.org/node/1815770", "refsource": "MISC", "url": "http://drupal.org/node/1815770" }, { "name": "http://drupal.org/node/1815124", "refsource": "CONFIRM", "url": "http://drupal.org/node/1815124" }, { "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5547", "datePublished": "2012-12-03T21:00:00Z", "dateReserved": "2012-10-24T00:00:00Z", "dateUpdated": "2024-09-17T03:14:06.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2715
Vulnerability from cvelistv5
Published
2013-03-27 21:00
Modified
2024-08-06 15:44
Summary
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.
References
URL | Tags | |
---|---|---|
http://osvdb.org/89116 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/51806 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2013/01/15/3 | mailing-list, x_refsource_MLIST | |
http://drupalcode.org/project/search_api.git/commitdiff/d22cf53 | x_refsource_CONFIRM | |
https://drupal.org/node/1884076 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81154 | vdb-entry, x_refsource_XF | |
https://drupal.org/node/1884332 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:33.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "89116", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/89116" }, { "name": "51806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51806" }, { "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://drupal.org/node/1884076" }, { "name": "drupal-searchapi-fieldnames-xss(81154)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81154" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drupal.org/node/1884332" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "89116", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/89116" }, { "name": "51806", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51806" }, { "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://drupal.org/node/1884076" }, { "name": "drupal-searchapi-fieldnames-xss(81154)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81154" }, { "tags": [ "x_refsource_MISC" ], "url": "https://drupal.org/node/1884332" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "89116", "refsource": "OSVDB", "url": "http://osvdb.org/89116" }, { "name": "51806", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51806" }, { "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "name": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53" }, { "name": "https://drupal.org/node/1884076", "refsource": "CONFIRM", "url": "https://drupal.org/node/1884076" }, { "name": "drupal-searchapi-fieldnames-xss(81154)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81154" }, { "name": "https://drupal.org/node/1884332", "refsource": "MISC", "url": "https://drupal.org/node/1884332" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2715", "datePublished": "2013-03-27T21:00:00", "dateReserved": "2013-03-27T00:00:00", "dateUpdated": "2024-08-06T15:44:33.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2012-06-27 00:55
Modified
2024-11-21 01:39
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.
References
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
thomas_seidl | search_api | 7.x-1.0 | |
thomas_seidl | search_api | 7.x-1.0 | beta1 |
thomas_seidl | search_api | 7.x-1.0 | beta10 |
thomas_seidl | search_api | 7.x-1.0 | beta2 |
thomas_seidl | search_api | 7.x-1.0 | beta3 |
thomas_seidl | search_api | 7.x-1.0 | beta4 |
thomas_seidl | search_api | 7.x-1.0 | beta5 |
thomas_seidl | search_api | 7.x-1.0 | beta6 |
thomas_seidl | search_api | 7.x-1.0 | beta7 |
thomas_seidl | search_api | 7.x-1.0 | beta8 |
thomas_seidl | search_api | 7.x-1.0 | beta9 |
thomas_seidl | search_api | 7.x-1.0 | rc1 |
thomas_seidl | search_api | 7.x-1.x | dev |
drupal | drupal | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2AB57F-CE66-4592-BE8D-54F8CA2541EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "14B38EFB-3FF4-4913-AC01-989D607B939E", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "8D295DF2-D19B-461D-88C8-73D47E30A372", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "62A480F5-6F09-4B13-A0E9-2354D6278623", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "424D71B8-8967-47E4-876F-9C8EFB911FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6E6046E7-E785-44D6-8A68-08B3668CEEA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "7822CF23-9363-414B-9170-162F86A11596", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "EA11D4BC-6282-4711-9C84-ED9A535E9E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "6E9A810B-75B0-4D59-B02D-0EC5CD864547", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "E974B710-A35D-414D-BE38-C6A93159F2C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "E6B3A0F6-83D1-4FEB-90B7-70175820321F", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F876DCAA-43BF-436D-AC11-0AEB02ED2FA3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:thomas_seidl:search_api:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "7C495A87-A4CE-456E-BF41-3C3077609A6E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors." }, { "lang": "es", "value": "M\u00fatiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Search API v7.x-1.x anterior a v7.x-1.1 para Drupal, cuando el apoyo a la introducci\u00f3n manual de los identificadores de campo, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionado con las excepciones producidas y los errores de registro" } ], "id": "CVE-2012-2712", "lastModified": "2024-11-21T01:39:29.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-27T00:55:04.740", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://drupal.org/node/1596524" }, { "source": 
"secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/1597364" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49236" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/82230" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53672" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://drupal.org/node/1596524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/1597364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/82230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75868" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-27 21:55
Modified
2024-11-21 01:52
Summary
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.
References
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
thomas_seidl | search_api | 7.x-1.0 | |
thomas_seidl | search_api | 7.x-1.0 | beta1 |
thomas_seidl | search_api | 7.x-1.0 | beta10 |
thomas_seidl | search_api | 7.x-1.0 | beta2 |
thomas_seidl | search_api | 7.x-1.0 | beta3 |
thomas_seidl | search_api | 7.x-1.0 | beta4 |
thomas_seidl | search_api | 7.x-1.0 | beta5 |
thomas_seidl | search_api | 7.x-1.0 | beta6 |
thomas_seidl | search_api | 7.x-1.0 | beta7 |
thomas_seidl | search_api | 7.x-1.0 | beta8 |
thomas_seidl | search_api | 7.x-1.0 | beta9 |
thomas_seidl | search_api | 7.x-1.0 | rc1 |
thomas_seidl | search_api | 7.x-1.1 | |
thomas_seidl | search_api | 7.x-1.2 | |
thomas_seidl | search_api | 7.x-1.3 | |
thomas_seidl | search_api | 7.x-1.x | dev |
drupal | drupal | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2AB57F-CE66-4592-BE8D-54F8CA2541EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "14B38EFB-3FF4-4913-AC01-989D607B939E", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "8D295DF2-D19B-461D-88C8-73D47E30A372", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "62A480F5-6F09-4B13-A0E9-2354D6278623", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "424D71B8-8967-47E4-876F-9C8EFB911FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6E6046E7-E785-44D6-8A68-08B3668CEEA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "7822CF23-9363-414B-9170-162F86A11596", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "EA11D4BC-6282-4711-9C84-ED9A535E9E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "6E9A810B-75B0-4D59-B02D-0EC5CD864547", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "E974B710-A35D-414D-BE38-C6A93159F2C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "E6B3A0F6-83D1-4FEB-90B7-70175820321F", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F876DCAA-43BF-436D-AC11-0AEB02ED2FA3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:thomas_seidl:search_api:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3863F7DF-D7FF-4189-BD50-1309241EA4AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E42D1BCF-6994-434A-94DF-9AEDB1ED4B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B334570-6DA2-49F4-B0A4-4D88E9A9B935", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "7C495A87-A4CE-456E-BF41-3C3077609A6E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el modulo Search API (search_api) v7.x-1.x anterior a v7.x-1.4 para Drupal permite a usuarios remotos autenticados con cierta permisos para inyectar secuencias de comandos web o HTML a trav\u00e9s de la modificaci\u00f3n del campo \"name\"." 
} ], "id": "CVE-2013-2715", "lastModified": "2024-11-21T01:52:13.263", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-03-27T21:55:03.587", "references": [ { "source": "cve@mitre.org", "url": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/89116" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/51806" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://drupal.org/node/1884076" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://drupal.org/node/1884332" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/search_api.git/commitdiff/d22cf53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/89116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://drupal.org/node/1884076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "https://drupal.org/node/1884332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81154" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-27 21:55
Modified
2024-11-21 01:47
Severity: LOW (CVSS v2 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N, per the NVD record below)
Summary
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
References
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
thomas_seidl | search_api | 7.x-1.0 | |
thomas_seidl | search_api | 7.x-1.0 | beta1 |
thomas_seidl | search_api | 7.x-1.0 | beta10 |
thomas_seidl | search_api | 7.x-1.0 | beta2 |
thomas_seidl | search_api | 7.x-1.0 | beta3 |
thomas_seidl | search_api | 7.x-1.0 | beta4 |
thomas_seidl | search_api | 7.x-1.0 | beta5 |
thomas_seidl | search_api | 7.x-1.0 | beta6 |
thomas_seidl | search_api | 7.x-1.0 | beta7 |
thomas_seidl | search_api | 7.x-1.0 | beta8 |
thomas_seidl | search_api | 7.x-1.0 | beta9 |
thomas_seidl | search_api | 7.x-1.0 | rc1 |
thomas_seidl | search_api | 7.x-1.1 | |
thomas_seidl | search_api | 7.x-1.2 | |
thomas_seidl | search_api | 7.x-1.3 | |
thomas_seidl | search_api | 7.x-1.x | dev |
drupal | drupal | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2AB57F-CE66-4592-BE8D-54F8CA2541EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "14B38EFB-3FF4-4913-AC01-989D607B939E", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "8D295DF2-D19B-461D-88C8-73D47E30A372", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "62A480F5-6F09-4B13-A0E9-2354D6278623", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "424D71B8-8967-47E4-876F-9C8EFB911FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6E6046E7-E785-44D6-8A68-08B3668CEEA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "7822CF23-9363-414B-9170-162F86A11596", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "EA11D4BC-6282-4711-9C84-ED9A535E9E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "6E9A810B-75B0-4D59-B02D-0EC5CD864547", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "E974B710-A35D-414D-BE38-C6A93159F2C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "E6B3A0F6-83D1-4FEB-90B7-70175820321F", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F876DCAA-43BF-436D-AC11-0AEB02ED2FA3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:thomas_seidl:search_api:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3863F7DF-D7FF-4189-BD50-1309241EA4AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E42D1BCF-6994-434A-94DF-9AEDB1ED4B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B334570-6DA2-49F4-B0A4-4D88E9A9B935", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "7C495A87-A4CE-456E-BF41-3C3077609A6E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Views en el API Search (search_api) m\u00f3dulo v7.x-1.x antes de v7.x-1.4 para Drupal, cuando se utilizan backends o ciertas facetas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la entrada no especificada,lo que se devuelve un mensaje de error." 
} ], "id": "CVE-2013-0181", "lastModified": "2024-11-21T01:47:00.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-03-27T21:55:01.477", "references": [ { "source": "secalert@redhat.com", "url": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/89117" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51806" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57231" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://drupal.org/node/1884076" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://drupal.org/node/1884332" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/89117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/57231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://drupal.org/node/1884076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://drupal.org/node/1884332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81153" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-03 21:55
Modified
2024-11-21 01:44
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, per the NVD record below)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action.
References
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
thomas_seidl | search_api | 7.x-1.0 | |
thomas_seidl | search_api | 7.x-1.0 | beta1 |
thomas_seidl | search_api | 7.x-1.0 | beta10 |
thomas_seidl | search_api | 7.x-1.0 | beta2 |
thomas_seidl | search_api | 7.x-1.0 | beta3 |
thomas_seidl | search_api | 7.x-1.0 | beta4 |
thomas_seidl | search_api | 7.x-1.0 | beta5 |
thomas_seidl | search_api | 7.x-1.0 | beta6 |
thomas_seidl | search_api | 7.x-1.0 | beta7 |
thomas_seidl | search_api | 7.x-1.0 | beta8 |
thomas_seidl | search_api | 7.x-1.0 | beta9 |
thomas_seidl | search_api | 7.x-1.0 | rc1 |
thomas_seidl | search_api | 7.x-1.1 | |
thomas_seidl | search_api | 7.x-1.2 | |
thomas_seidl | search_api | 7.x-1.x | dev |
drupal | drupal | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2AB57F-CE66-4592-BE8D-54F8CA2541EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "14B38EFB-3FF4-4913-AC01-989D607B939E", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "8D295DF2-D19B-461D-88C8-73D47E30A372", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "62A480F5-6F09-4B13-A0E9-2354D6278623", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "424D71B8-8967-47E4-876F-9C8EFB911FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6E6046E7-E785-44D6-8A68-08B3668CEEA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "7822CF23-9363-414B-9170-162F86A11596", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "EA11D4BC-6282-4711-9C84-ED9A535E9E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "6E9A810B-75B0-4D59-B02D-0EC5CD864547", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "E974B710-A35D-414D-BE38-C6A93159F2C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "E6B3A0F6-83D1-4FEB-90B7-70175820321F", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F876DCAA-43BF-436D-AC11-0AEB02ED2FA3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:thomas_seidl:search_api:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3863F7DF-D7FF-4189-BD50-1309241EA4AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E42D1BCF-6994-434A-94DF-9AEDB1ED4B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:thomas_seidl:search_api:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "7C495A87-A4CE-456E-BF41-3C3077609A6E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en el m\u00f3dulo Search API v7.x-1.x antes de v7.x-1.3 para Drupal, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores en peticiones que (1) habilitan un servidor a trav\u00e9s de una acci\u00f3n de servidor o (2) habilitan un \u00edndice de b\u00fasqueda a trav\u00e9s de una acci\u00f3n de \u00edndice." 
} ], "id": "CVE-2012-5547", "lastModified": "2024-11-21T01:44:51.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-12-03T21:55:02.407", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://drupal.org/node/1815124" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/1815770" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://drupal.org/node/1815124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/1815770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }