Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by danielb
CVE-2012-6645 (GCVE-0-2012-6645)
Vulnerability from nvd – Published: 2014-04-08 14:00 – Updated: 2024-08-06 21:36
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-01-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47943"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47943"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1432320",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432320"
},
{
"name": "http://drupal.org/node/1432318",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "79015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
"refsource": "MISC",
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47941"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/58443aa",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"name": "https://drupal.org/node/1432970",
"refsource": "MISC",
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47943"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/758fcf9",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6645",
"datePublished": "2014-04-08T14:00:00.000Z",
"dateReserved": "2014-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:01.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1561 (GCVE-0-2012-1561)
Vulnerability from nvd – Published: 2014-04-08 14:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://drupal.org/node/1432320 | x_refsource_CONFIRM |
| http://drupal.org/node/1432318 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/03/19/9 | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/79015 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2012/03/16/9 | mailing-listx_refsource_MLIST |
| http://www.madirish.net/content/drupal-finder-6x-… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/47941 | third-party-advisoryx_refsource_SECUNIA |
| http://drupalcode.org/project/finder.git/commit/58443aa | x_refsource_CONFIRM |
| http://drupalcode.org/project/finder.git/commit/13e2d0c | x_refsource_CONFIRM |
| https://drupal.org/node/1432970 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/47943 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-01-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1432320",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432320"
},
{
"name": "http://drupal.org/node/1432318",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "79015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
"refsource": "MISC",
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47941"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/58443aa",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"name": "https://drupal.org/node/1432970",
"refsource": "MISC",
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1561",
"datePublished": "2014-04-08T14:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1649 (GCVE-0-2012-1649)
Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
VEX
Summary
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/48196 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/52232 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1461438 | x_refsource_MISC |
| http://www.osvdb.org/79772 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1417186 | x_refsource_CONFIRM |
Date Public
2012-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "coolaid-helpmessages-security-bypass(73608)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "79772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79772"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1417186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "coolaid-helpmessages-security-bypass(73608)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "79772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79772"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1417186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48196"
},
{
"name": "coolaid-helpmessages-security-bypass(73608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
},
{
"name": "52232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52232"
},
{
"name": "http://drupal.org/node/1461438",
"refsource": "MISC",
"url": "http://drupal.org/node/1461438"
},
{
"name": "79772",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79772"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "http://drupal.org/node/1417186",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1417186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1649",
"datePublished": "2012-09-09T21:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1648 (GCVE-0-2012-1648)
Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/48196 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52232 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1461438 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1417186 | x_refsource_CONFIRM |
| http://osvdb.org/79712 | vdb-entryx_refsource_OSVDB |
Date Public
2012-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coolaid-helpmessages-xss(73607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
},
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1417186"
},
{
"name": "79712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "coolaid-helpmessages-xss(73607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
},
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1417186"
},
{
"name": "79712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coolaid-helpmessages-xss(73607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
},
{
"name": "48196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48196"
},
{
"name": "52232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52232"
},
{
"name": "http://drupal.org/node/1461438",
"refsource": "MISC",
"url": "http://drupal.org/node/1461438"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "http://drupal.org/node/1417186",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1417186"
},
{
"name": "79712",
"refsource": "OSVDB",
"url": "http://osvdb.org/79712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1648",
"datePublished": "2012-09-09T21:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1641 (GCVE-0-2012-1641)
Vulnerability from nvd – Published: 2012-08-28 16:00 – Updated: 2024-09-16 17:48
VLAI
EPSS
VEX
Summary
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://drupal.org/node/1432320 | x_refsource_CONFIRM |
| http://www.osvdb.org/79014 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/1432318 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/03/19/9 | mailing-listx_refsource_MLIST |
| http://drupalcode.org/project/finder.git/commit/bc0cc82 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/03/16/9 | mailing-listx_refsource_MLIST |
| http://www.madirish.net/content/drupal-finder-6x-… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| https://drupal.org/node/1432970 | x_refsource_MISC |
| http://secunia.com/advisories/47943 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/47915 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432320"
},
{
"name": "79014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47943"
},
{
"name": "47915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-28T16:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432320"
},
{
"name": "79014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47943"
},
{
"name": "47915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1432320",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432320"
},
{
"name": "79014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79014"
},
{
"name": "http://drupal.org/node/1432318",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
"refsource": "MISC",
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "https://drupal.org/node/1432970",
"refsource": "MISC",
"url": "https://drupal.org/node/1432970"
},
{
"name": "47943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47943"
},
{
"name": "47915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1641",
"datePublished": "2012-08-28T16:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:22.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6645 (GCVE-0-2012-6645)
Vulnerability from cvelistv5 – Published: 2014-04-08 14:00 – Updated: 2024-08-06 21:36
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-01-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47943"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47943"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1432320",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432320"
},
{
"name": "http://drupal.org/node/1432318",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "79015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
"refsource": "MISC",
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47941"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/58443aa",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"name": "https://drupal.org/node/1432970",
"refsource": "MISC",
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47943"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/758fcf9",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6645",
"datePublished": "2014-04-08T14:00:00.000Z",
"dateReserved": "2014-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:01.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1561 (GCVE-0-2012-1561)
Vulnerability from cvelistv5 – Published: 2014-04-08 14:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://drupal.org/node/1432320 | x_refsource_CONFIRM |
| http://drupal.org/node/1432318 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/03/19/9 | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/79015 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2012/03/16/9 | mailing-listx_refsource_MLIST |
| http://www.madirish.net/content/drupal-finder-6x-… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/47941 | third-party-advisoryx_refsource_SECUNIA |
| http://drupalcode.org/project/finder.git/commit/58443aa | x_refsource_CONFIRM |
| http://drupalcode.org/project/finder.git/commit/13e2d0c | x_refsource_CONFIRM |
| https://drupal.org/node/1432970 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/47943 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-01-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "79015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1432320",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432320"
},
{
"name": "http://drupal.org/node/1432318",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "79015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79015"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
"refsource": "MISC",
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "47941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47941"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/58443aa",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/58443aa"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
},
{
"name": "https://drupal.org/node/1432970",
"refsource": "MISC",
"url": "https://drupal.org/node/1432970"
},
{
"name": "drupal-finder-unspecified-xss(73110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
},
{
"name": "47943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1561",
"datePublished": "2014-04-08T14:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1648 (GCVE-0-2012-1648)
Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/48196 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52232 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1461438 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1417186 | x_refsource_CONFIRM |
| http://osvdb.org/79712 | vdb-entryx_refsource_OSVDB |
Date Public
2012-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coolaid-helpmessages-xss(73607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
},
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1417186"
},
{
"name": "79712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "coolaid-helpmessages-xss(73607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
},
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1417186"
},
{
"name": "79712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coolaid-helpmessages-xss(73607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
},
{
"name": "48196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48196"
},
{
"name": "52232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52232"
},
{
"name": "http://drupal.org/node/1461438",
"refsource": "MISC",
"url": "http://drupal.org/node/1461438"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "http://drupal.org/node/1417186",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1417186"
},
{
"name": "79712",
"refsource": "OSVDB",
"url": "http://osvdb.org/79712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1648",
"datePublished": "2012-09-09T21:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1649 (GCVE-0-2012-1649)
Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
VLAI
EPSS
VEX
Summary
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/48196 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/52232 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1461438 | x_refsource_MISC |
| http://www.osvdb.org/79772 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1417186 | x_refsource_CONFIRM |
Date Public
2012-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "coolaid-helpmessages-security-bypass(73608)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "79772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79772"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1417186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48196"
},
{
"name": "coolaid-helpmessages-security-bypass(73608)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
},
{
"name": "52232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1461438"
},
{
"name": "79772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79772"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1417186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48196"
},
{
"name": "coolaid-helpmessages-security-bypass(73608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
},
{
"name": "52232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52232"
},
{
"name": "http://drupal.org/node/1461438",
"refsource": "MISC",
"url": "http://drupal.org/node/1461438"
},
{
"name": "79772",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79772"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "http://drupal.org/node/1417186",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1417186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1649",
"datePublished": "2012-09-09T21:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1641 (GCVE-0-2012-1641)
Vulnerability from cvelistv5 – Published: 2012-08-28 16:00 – Updated: 2024-09-16 17:48
VLAI
EPSS
VEX
Summary
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://drupal.org/node/1432320 | x_refsource_CONFIRM |
| http://www.osvdb.org/79014 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/1432318 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/03/19/9 | mailing-listx_refsource_MLIST |
| http://drupalcode.org/project/finder.git/commit/bc0cc82 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/03/16/9 | mailing-listx_refsource_MLIST |
| http://www.madirish.net/content/drupal-finder-6x-… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| https://drupal.org/node/1432970 | x_refsource_MISC |
| http://secunia.com/advisories/47943 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/47915 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432320"
},
{
"name": "79014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47943"
},
{
"name": "47915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-28T16:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432320"
},
{
"name": "79014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/1432970"
},
{
"name": "47943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47943"
},
{
"name": "47915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1432320",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432320"
},
{
"name": "79014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79014"
},
{
"name": "http://drupal.org/node/1432318",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1432318"
},
{
"name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
},
{
"name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
},
{
"name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
},
{
"name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
"refsource": "MISC",
"url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "https://drupal.org/node/1432970",
"refsource": "MISC",
"url": "https://drupal.org/node/1432970"
},
{
"name": "47943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47943"
},
{
"name": "47915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1641",
"datePublished": "2012-08-28T16:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:22.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}