Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by danielb

    CVE-2012-6645 (GCVE-0-2012-6645)

    Vulnerability from nvd – Published: 2014-04-08 14:00 – Updated: 2024-08-06 21:36
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:36:01.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432320"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432318"
              },
              {
                "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
              },
              {
                "name": "79015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79015"
              },
              {
                "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "47941",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1432970"
              },
              {
                "name": "drupal-finder-unspecified-xss(73110)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
              },
              {
                "name": "47943",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47943"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432320"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432318"
            },
            {
              "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
            },
            {
              "name": "79015",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79015"
            },
            {
              "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "47941",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1432970"
            },
            {
              "name": "drupal-finder-unspecified-xss(73110)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
            },
            {
              "name": "47943",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47943"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6645",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1432320",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432320"
                },
                {
                  "name": "http://drupal.org/node/1432318",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432318"
                },
                {
                  "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
                },
                {
                  "name": "79015",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79015"
                },
                {
                  "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
                },
                {
                  "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "47941",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47941"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/58443aa",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
                },
                {
                  "name": "https://drupal.org/node/1432970",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1432970"
                },
                {
                  "name": "drupal-finder-unspecified-xss(73110)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
                },
                {
                  "name": "47943",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47943"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/758fcf9",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6645",
        "datePublished": "2014-04-08T14:00:00.000Z",
        "dateReserved": "2014-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:36:01.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1561 (GCVE-0-2012-1561)

    Vulnerability from nvd – Published: 2014-04-08 14:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432320"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432318"
              },
              {
                "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
              },
              {
                "name": "79015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79015"
              },
              {
                "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "47941",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1432970"
              },
              {
                "name": "drupal-finder-unspecified-xss(73110)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
              },
              {
                "name": "47943",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47943"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432320"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432318"
            },
            {
              "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
            },
            {
              "name": "79015",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79015"
            },
            {
              "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "47941",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1432970"
            },
            {
              "name": "drupal-finder-unspecified-xss(73110)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
            },
            {
              "name": "47943",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47943"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1561",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1432320",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432320"
                },
                {
                  "name": "http://drupal.org/node/1432318",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432318"
                },
                {
                  "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
                },
                {
                  "name": "79015",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79015"
                },
                {
                  "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
                },
                {
                  "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "47941",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47941"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/58443aa",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
                },
                {
                  "name": "https://drupal.org/node/1432970",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1432970"
                },
                {
                  "name": "drupal-finder-unspecified-xss(73110)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
                },
                {
                  "name": "47943",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47943"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1561",
        "datePublished": "2014-04-08T14:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:02.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1649 (GCVE-0-2012-1649)

    Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/48196 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/52232 vdb-entryx_refsource_BID
    http://drupal.org/node/1461438 x_refsource_MISC
    http://www.osvdb.org/79772 vdb-entryx_refsource_OSVDB
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://drupal.org/node/1417186 x_refsource_CONFIRM
    Date Public
    2012-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "48196",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48196"
              },
              {
                "name": "coolaid-helpmessages-security-bypass(73608)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
              },
              {
                "name": "52232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52232"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1461438"
              },
              {
                "name": "79772",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79772"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1417186"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "48196",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48196"
            },
            {
              "name": "coolaid-helpmessages-security-bypass(73608)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
            },
            {
              "name": "52232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52232"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1461438"
            },
            {
              "name": "79772",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79772"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1417186"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "48196",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48196"
                },
                {
                  "name": "coolaid-helpmessages-security-bypass(73608)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
                },
                {
                  "name": "52232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52232"
                },
                {
                  "name": "http://drupal.org/node/1461438",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1461438"
                },
                {
                  "name": "79772",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79772"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "http://drupal.org/node/1417186",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1417186"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1649",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:02.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1648 (GCVE-0-2012-1648)

    Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48196 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52232 vdb-entryx_refsource_BID
    http://drupal.org/node/1461438 x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://drupal.org/node/1417186 x_refsource_CONFIRM
    http://osvdb.org/79712 vdb-entryx_refsource_OSVDB
    Date Public
    2012-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.906Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "coolaid-helpmessages-xss(73607)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
              },
              {
                "name": "48196",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48196"
              },
              {
                "name": "52232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52232"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1461438"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1417186"
              },
              {
                "name": "79712",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/79712"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "coolaid-helpmessages-xss(73607)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
            },
            {
              "name": "48196",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48196"
            },
            {
              "name": "52232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52232"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1461438"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1417186"
            },
            {
              "name": "79712",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/79712"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "coolaid-helpmessages-xss(73607)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
                },
                {
                  "name": "48196",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48196"
                },
                {
                  "name": "52232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52232"
                },
                {
                  "name": "http://drupal.org/node/1461438",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1461438"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "http://drupal.org/node/1417186",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1417186"
                },
                {
                  "name": "79712",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/79712"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1648",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:02.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1641 (GCVE-0-2012-1641)

    Vulnerability from nvd – Published: 2012-08-28 16:00 – Updated: 2024-09-16 17:48
    VLAI
    Summary
    The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1432320 x_refsource_CONFIRM
    http://www.osvdb.org/79014 vdb-entryx_refsource_OSVDB
    http://drupal.org/node/1432318 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/03/19/9 mailing-listx_refsource_MLIST
    http://drupalcode.org/project/finder.git/commit/bc0cc82 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/03/16/9 mailing-listx_refsource_MLIST
    http://www.madirish.net/content/drupal-finder-6x-… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    https://drupal.org/node/1432970 x_refsource_MISC
    http://secunia.com/advisories/47943 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/47915 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432320"
              },
              {
                "name": "79014",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432318"
              },
              {
                "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
              },
              {
                "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1432970"
              },
              {
                "name": "47943",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47943"
              },
              {
                "name": "47915",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-28T16:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432320"
            },
            {
              "name": "79014",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432318"
            },
            {
              "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
            },
            {
              "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1432970"
            },
            {
              "name": "47943",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47943"
            },
            {
              "name": "47915",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1432320",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432320"
                },
                {
                  "name": "79014",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79014"
                },
                {
                  "name": "http://drupal.org/node/1432318",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432318"
                },
                {
                  "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
                },
                {
                  "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
                },
                {
                  "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "https://drupal.org/node/1432970",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1432970"
                },
                {
                  "name": "47943",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47943"
                },
                {
                  "name": "47915",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1641",
        "datePublished": "2012-08-28T16:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:48:22.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6645 (GCVE-0-2012-6645)

    Vulnerability from cvelistv5 – Published: 2014-04-08 14:00 – Updated: 2024-08-06 21:36
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:36:01.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432320"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432318"
              },
              {
                "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
              },
              {
                "name": "79015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79015"
              },
              {
                "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "47941",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1432970"
              },
              {
                "name": "drupal-finder-unspecified-xss(73110)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
              },
              {
                "name": "47943",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47943"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432320"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432318"
            },
            {
              "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
            },
            {
              "name": "79015",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79015"
            },
            {
              "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "47941",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1432970"
            },
            {
              "name": "drupal-finder-unspecified-xss(73110)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
            },
            {
              "name": "47943",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47943"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6645",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1432320",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432320"
                },
                {
                  "name": "http://drupal.org/node/1432318",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432318"
                },
                {
                  "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
                },
                {
                  "name": "79015",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79015"
                },
                {
                  "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
                },
                {
                  "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "47941",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47941"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/58443aa",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
                },
                {
                  "name": "https://drupal.org/node/1432970",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1432970"
                },
                {
                  "name": "drupal-finder-unspecified-xss(73110)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
                },
                {
                  "name": "47943",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47943"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/758fcf9",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/758fcf9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6645",
        "datePublished": "2014-04-08T14:00:00.000Z",
        "dateReserved": "2014-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:36:01.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1561 (GCVE-0-2012-1561)

    Vulnerability from cvelistv5 – Published: 2014-04-08 14:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432320"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432318"
              },
              {
                "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
              },
              {
                "name": "79015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79015"
              },
              {
                "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "47941",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1432970"
              },
              {
                "name": "drupal-finder-unspecified-xss(73110)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
              },
              {
                "name": "47943",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47943"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432320"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432318"
            },
            {
              "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
            },
            {
              "name": "79015",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79015"
            },
            {
              "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "47941",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1432970"
            },
            {
              "name": "drupal-finder-unspecified-xss(73110)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
            },
            {
              "name": "47943",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47943"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1561",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1432320",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432320"
                },
                {
                  "name": "http://drupal.org/node/1432318",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432318"
                },
                {
                  "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
                },
                {
                  "name": "79015",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79015"
                },
                {
                  "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
                },
                {
                  "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "47941",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47941"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/58443aa",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/58443aa"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/13e2d0c",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c"
                },
                {
                  "name": "https://drupal.org/node/1432970",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1432970"
                },
                {
                  "name": "drupal-finder-unspecified-xss(73110)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110"
                },
                {
                  "name": "47943",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47943"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1561",
        "datePublished": "2014-04-08T14:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:02.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1648 (GCVE-0-2012-1648)

    Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48196 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52232 vdb-entryx_refsource_BID
    http://drupal.org/node/1461438 x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://drupal.org/node/1417186 x_refsource_CONFIRM
    http://osvdb.org/79712 vdb-entryx_refsource_OSVDB
    Date Public
    2012-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.906Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "coolaid-helpmessages-xss(73607)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
              },
              {
                "name": "48196",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48196"
              },
              {
                "name": "52232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52232"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1461438"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1417186"
              },
              {
                "name": "79712",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/79712"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "coolaid-helpmessages-xss(73607)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
            },
            {
              "name": "48196",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48196"
            },
            {
              "name": "52232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52232"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1461438"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1417186"
            },
            {
              "name": "79712",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/79712"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "coolaid-helpmessages-xss(73607)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73607"
                },
                {
                  "name": "48196",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48196"
                },
                {
                  "name": "52232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52232"
                },
                {
                  "name": "http://drupal.org/node/1461438",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1461438"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "http://drupal.org/node/1417186",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1417186"
                },
                {
                  "name": "79712",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/79712"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1648",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:02.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1649 (GCVE-0-2012-1649)

    Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/48196 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/52232 vdb-entryx_refsource_BID
    http://drupal.org/node/1461438 x_refsource_MISC
    http://www.osvdb.org/79772 vdb-entryx_refsource_OSVDB
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://drupal.org/node/1417186 x_refsource_CONFIRM
    Date Public
    2012-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "48196",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48196"
              },
              {
                "name": "coolaid-helpmessages-security-bypass(73608)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
              },
              {
                "name": "52232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52232"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1461438"
              },
              {
                "name": "79772",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79772"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1417186"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "48196",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48196"
            },
            {
              "name": "coolaid-helpmessages-security-bypass(73608)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
            },
            {
              "name": "52232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52232"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1461438"
            },
            {
              "name": "79772",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79772"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1417186"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "48196",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48196"
                },
                {
                  "name": "coolaid-helpmessages-security-bypass(73608)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"
                },
                {
                  "name": "52232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52232"
                },
                {
                  "name": "http://drupal.org/node/1461438",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1461438"
                },
                {
                  "name": "79772",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79772"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "http://drupal.org/node/1417186",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1417186"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1649",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:02.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1641 (GCVE-0-2012-1641)

    Vulnerability from cvelistv5 – Published: 2012-08-28 16:00 – Updated: 2024-09-16 17:48
    VLAI
    Summary
    The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1432320 x_refsource_CONFIRM
    http://www.osvdb.org/79014 vdb-entryx_refsource_OSVDB
    http://drupal.org/node/1432318 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/03/19/9 mailing-listx_refsource_MLIST
    http://drupalcode.org/project/finder.git/commit/bc0cc82 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/03/16/9 mailing-listx_refsource_MLIST
    http://www.madirish.net/content/drupal-finder-6x-… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    https://drupal.org/node/1432970 x_refsource_MISC
    http://secunia.com/advisories/47943 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/47915 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:02.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432320"
              },
              {
                "name": "79014",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/79014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1432318"
              },
              {
                "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
              },
              {
                "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/1432970"
              },
              {
                "name": "47943",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47943"
              },
              {
                "name": "47915",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-28T16:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432320"
            },
            {
              "name": "79014",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/79014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1432318"
            },
            {
              "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
            },
            {
              "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/1432970"
            },
            {
              "name": "47943",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47943"
            },
            {
              "name": "47915",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1432320",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432320"
                },
                {
                  "name": "79014",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/79014"
                },
                {
                  "name": "http://drupal.org/node/1432318",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1432318"
                },
                {
                  "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9"
                },
                {
                  "name": "http://drupalcode.org/project/finder.git/commit/bc0cc82",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82"
                },
                {
                  "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9"
                },
                {
                  "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "https://drupal.org/node/1432970",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/1432970"
                },
                {
                  "name": "47943",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47943"
                },
                {
                  "name": "47915",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1641",
        "datePublished": "2012-08-28T16:00:00.000Z",
        "dateReserved": "2012-03-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:48:22.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }