Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by nancy_wichmann
CVE-2012-4500 (GCVE-0-2012-4500)
Vulnerability from nvd – Published: 2012-10-31 16:00 – Updated: 2024-08-06 20:35
VLAI
EPSS
VEX
Summary
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/04/6 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1761038 | x_refsource_CONFIRM |
| http://drupal.org/node/1762480 | x_refsource_MISC |
| http://www.securityfocus.com/bid/55283 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/10/07/1 | mailing-listx_refsource_MLIST |
Date Public
2012-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1761038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1762480"
},
{
"name": "55283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55283"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the \"access announcements\" permission to bypass node access restrictions and possibly have other unspecified impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-02T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1761038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1762480"
},
{
"name": "55283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55283"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the \"access announcements\" permission to bypass node access restrictions and possibly have other unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"name": "http://drupal.org/node/1761038",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1761038"
},
{
"name": "http://drupal.org/node/1762480",
"refsource": "MISC",
"url": "http://drupal.org/node/1762480"
},
{
"name": "55283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55283"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4500",
"datePublished": "2012-10-31T16:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2298 (GCVE-0-2012-2298)
Vulnerability from nvd – Published: 2012-08-14 22:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://drupalcode.org/project/realname.git/commit… | x_refsource_CONFIRM |
| http://drupal.org/node/1547660 | x_refsource_MISC |
| http://secunia.com/advisories/48936 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/53250 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://drupal.org/node/1547352 | x_refsource_CONFIRM |
| http://drupalcode.org/project/realname.git/commit… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-listx_refsource_MLIST |
Date Public
2012-04-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547660"
},
{
"name": "48936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48936"
},
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "53250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53250"
},
{
"name": "realname-unspecified-xss(75181)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1547352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547660"
},
{
"name": "48936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48936"
},
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "53250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53250"
},
{
"name": "realname-unspecified-xss(75181)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1547352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupalcode.org/project/realname.git/commitdiff/b920794",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
},
{
"name": "http://drupal.org/node/1547660",
"refsource": "MISC",
"url": "http://drupal.org/node/1547660"
},
{
"name": "48936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48936"
},
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "53250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53250"
},
{
"name": "realname-unspecified-xss(75181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
},
{
"name": "http://drupal.org/node/1547352",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547352"
},
{
"name": "http://drupalcode.org/project/realname.git/commitdiff/41786d0",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2298",
"datePublished": "2012-08-14T22:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2302 (GCVE-0-2012-2302)
Vulnerability from nvd – Published: 2012-07-25 21:00 – Updated: 2024-09-17 03:13
VLAI
EPSS
VEX
Summary
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1547686 | x_refsource_MISC |
| http://www.osvdb.org/81555 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/1546224 | x_refsource_CONFIRM |
| http://drupalcode.org/project/sitedoc.git/commitd… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547686"
},
{
"name": "81555",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1546224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547686"
},
{
"name": "81555",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1546224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "http://drupal.org/node/1547686",
"refsource": "MISC",
"url": "http://drupal.org/node/1547686"
},
{
"name": "81555",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81555"
},
{
"name": "http://drupal.org/node/1546224",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1546224"
},
{
"name": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2302",
"datePublished": "2012-07-25T21:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:13:34.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2711 (GCVE-0-2012-2711)
Vulnerability from nvd – Published: 2012-06-27 00:00 – Updated: 2024-08-06 19:42
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/82164 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/1597262 | x_refsource_MISC |
| http://drupalcode.org/project/taxonomy_list.git/c… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/53671 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1595396 | x_refsource_CONFIRM |
| http://secunia.com/advisories/49238 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-05-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "82164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/82164"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1597262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0"
},
{
"name": "taxonomylist-taxonomyinformation-xss(75867)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75867"
},
{
"name": "53671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53671"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1595396"
},
{
"name": "49238",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49238"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "82164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/82164"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1597262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0"
},
{
"name": "taxonomylist-taxonomyinformation-xss(75867)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75867"
},
{
"name": "53671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53671"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1595396"
},
{
"name": "49238",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49238"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82164",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82164"
},
{
"name": "http://drupal.org/node/1597262",
"refsource": "MISC",
"url": "http://drupal.org/node/1597262"
},
{
"name": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0"
},
{
"name": "taxonomylist-taxonomyinformation-xss(75867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75867"
},
{
"name": "53671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53671"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupal.org/node/1595396",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1595396"
},
{
"name": "49238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49238"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2711",
"datePublished": "2012-06-27T00:00:00.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:31.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2339 (GCVE-0-2012-2339)
Vulnerability from nvd – Published: 2012-05-21 20:00 – Updated: 2024-08-06 19:34
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/53440 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1569482 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/49074 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | mailing-listx_refsource_MLIST |
| http://drupalcode.org/project/glossary.git/commit… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/11/2 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/05/10/6 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1568156 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/06/15/6 | mailing-listx_refsource_MLIST |
Date Public
2012-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1569482"
},
{
"name": "glossary-taxonomyinformation-xss(75503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75503"
},
{
"name": "49074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49074"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac"
},
{
"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"
},
{
"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1568156"
},
{
"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"taxonomy information.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1569482"
},
{
"name": "glossary-taxonomyinformation-xss(75503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75503"
},
{
"name": "49074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49074"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac"
},
{
"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"
},
{
"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1568156"
},
{
"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"taxonomy information.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53440"
},
{
"name": "http://drupal.org/node/1569482",
"refsource": "MISC",
"url": "http://drupal.org/node/1569482"
},
{
"name": "glossary-taxonomyinformation-xss(75503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75503"
},
{
"name": "49074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49074"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac"
},
{
"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"
},
{
"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"
},
{
"name": "http://drupal.org/node/1568156",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1568156"
},
{
"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2339",
"datePublished": "2012-05-21T20:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:34:25.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4524 (GCVE-0-2009-4524)
Vulnerability from nvd – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36699 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/37058 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2009/2921 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/58944 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/604760 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36699"
},
{
"name": "37058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37058"
},
{
"name": "ADV-2009-2921",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2921"
},
{
"name": "58944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604760"
},
{
"name": "realname-user-profile-xss(53787)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36699"
},
{
"name": "37058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37058"
},
{
"name": "ADV-2009-2921",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2921"
},
{
"name": "58944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58944"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604760"
},
{
"name": "realname-user-profile-xss(53787)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36699"
},
{
"name": "37058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37058"
},
{
"name": "ADV-2009-2921",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2921"
},
{
"name": "58944",
"refsource": "OSVDB",
"url": "http://osvdb.org/58944"
},
{
"name": "http://drupal.org/node/604760",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604760"
},
{
"name": "realname-user-profile-xss(53787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4524",
"datePublished": "2009-12-31T19:00:00.000Z",
"dateReserved": "2009-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:37.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4500 (GCVE-0-2012-4500)
Vulnerability from cvelistv5 – Published: 2012-10-31 16:00 – Updated: 2024-08-06 20:35
VLAI
EPSS
VEX
Summary
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/04/6 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1761038 | x_refsource_CONFIRM |
| http://drupal.org/node/1762480 | x_refsource_MISC |
| http://www.securityfocus.com/bid/55283 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/10/07/1 | mailing-listx_refsource_MLIST |
Date Public
2012-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1761038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1762480"
},
{
"name": "55283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55283"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the \"access announcements\" permission to bypass node access restrictions and possibly have other unspecified impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-02T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1761038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1762480"
},
{
"name": "55283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55283"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the \"access announcements\" permission to bypass node access restrictions and possibly have other unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"name": "http://drupal.org/node/1761038",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1761038"
},
{
"name": "http://drupal.org/node/1762480",
"refsource": "MISC",
"url": "http://drupal.org/node/1762480"
},
{
"name": "55283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55283"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4500",
"datePublished": "2012-10-31T16:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2298 (GCVE-0-2012-2298)
Vulnerability from cvelistv5 – Published: 2012-08-14 22:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://drupalcode.org/project/realname.git/commit… | x_refsource_CONFIRM |
| http://drupal.org/node/1547660 | x_refsource_MISC |
| http://secunia.com/advisories/48936 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/53250 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://drupal.org/node/1547352 | x_refsource_CONFIRM |
| http://drupalcode.org/project/realname.git/commit… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-listx_refsource_MLIST |
Date Public
2012-04-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547660"
},
{
"name": "48936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48936"
},
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "53250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53250"
},
{
"name": "realname-unspecified-xss(75181)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1547352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547660"
},
{
"name": "48936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48936"
},
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "53250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53250"
},
{
"name": "realname-unspecified-xss(75181)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1547352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupalcode.org/project/realname.git/commitdiff/b920794",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
},
{
"name": "http://drupal.org/node/1547660",
"refsource": "MISC",
"url": "http://drupal.org/node/1547660"
},
{
"name": "48936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48936"
},
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "53250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53250"
},
{
"name": "realname-unspecified-xss(75181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
},
{
"name": "http://drupal.org/node/1547352",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547352"
},
{
"name": "http://drupalcode.org/project/realname.git/commitdiff/41786d0",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2298",
"datePublished": "2012-08-14T22:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2302 (GCVE-0-2012-2302)
Vulnerability from cvelistv5 – Published: 2012-07-25 21:00 – Updated: 2024-09-17 03:13
VLAI
EPSS
VEX
Summary
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1547686 | x_refsource_MISC |
| http://www.osvdb.org/81555 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/1546224 | x_refsource_CONFIRM |
| http://drupalcode.org/project/sitedoc.git/commitd… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547686"
},
{
"name": "81555",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1546224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547686"
},
{
"name": "81555",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1546224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "http://drupal.org/node/1547686",
"refsource": "MISC",
"url": "http://drupal.org/node/1547686"
},
{
"name": "81555",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81555"
},
{
"name": "http://drupal.org/node/1546224",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1546224"
},
{
"name": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/sitedoc.git/commitdiff/521721c"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2302",
"datePublished": "2012-07-25T21:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:13:34.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2711 (GCVE-0-2012-2711)
Vulnerability from cvelistv5 – Published: 2012-06-27 00:00 – Updated: 2024-08-06 19:42
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/82164 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/1597262 | x_refsource_MISC |
| http://drupalcode.org/project/taxonomy_list.git/c… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/53671 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1595396 | x_refsource_CONFIRM |
| http://secunia.com/advisories/49238 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-05-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "82164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/82164"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1597262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0"
},
{
"name": "taxonomylist-taxonomyinformation-xss(75867)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75867"
},
{
"name": "53671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53671"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1595396"
},
{
"name": "49238",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49238"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "82164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/82164"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1597262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0"
},
{
"name": "taxonomylist-taxonomyinformation-xss(75867)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75867"
},
{
"name": "53671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53671"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1595396"
},
{
"name": "49238",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49238"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82164",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82164"
},
{
"name": "http://drupal.org/node/1597262",
"refsource": "MISC",
"url": "http://drupal.org/node/1597262"
},
{
"name": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0"
},
{
"name": "taxonomylist-taxonomyinformation-xss(75867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75867"
},
{
"name": "53671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53671"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupal.org/node/1595396",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1595396"
},
{
"name": "49238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49238"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2711",
"datePublished": "2012-06-27T00:00:00.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:31.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2339 (GCVE-0-2012-2339)
Vulnerability from cvelistv5 – Published: 2012-05-21 20:00 – Updated: 2024-08-06 19:34
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/53440 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1569482 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/49074 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | mailing-listx_refsource_MLIST |
| http://drupalcode.org/project/glossary.git/commit… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/11/2 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/05/10/6 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1568156 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/06/15/6 | mailing-listx_refsource_MLIST |
Date Public
2012-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1569482"
},
{
"name": "glossary-taxonomyinformation-xss(75503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75503"
},
{
"name": "49074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49074"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac"
},
{
"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"
},
{
"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1568156"
},
{
"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"taxonomy information.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1569482"
},
{
"name": "glossary-taxonomyinformation-xss(75503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75503"
},
{
"name": "49074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49074"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac"
},
{
"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"
},
{
"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1568156"
},
{
"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"taxonomy information.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53440"
},
{
"name": "http://drupal.org/node/1569482",
"refsource": "MISC",
"url": "http://drupal.org/node/1569482"
},
{
"name": "glossary-taxonomyinformation-xss(75503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75503"
},
{
"name": "49074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49074"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac"
},
{
"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"
},
{
"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"
},
{
"name": "http://drupal.org/node/1568156",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1568156"
},
{
"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2339",
"datePublished": "2012-05-21T20:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:34:25.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4524 (GCVE-0-2009-4524)
Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36699 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/37058 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2009/2921 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/58944 | vdb-entryx_refsource_OSVDB |
| http://drupal.org/node/604760 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36699"
},
{
"name": "37058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37058"
},
{
"name": "ADV-2009-2921",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2921"
},
{
"name": "58944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604760"
},
{
"name": "realname-user-profile-xss(53787)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36699"
},
{
"name": "37058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37058"
},
{
"name": "ADV-2009-2921",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2921"
},
{
"name": "58944",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58944"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604760"
},
{
"name": "realname-user-profile-xss(53787)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36699"
},
{
"name": "37058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37058"
},
{
"name": "ADV-2009-2921",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2921"
},
{
"name": "58944",
"refsource": "OSVDB",
"url": "http://osvdb.org/58944"
},
{
"name": "http://drupal.org/node/604760",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604760"
},
{
"name": "realname-user-profile-xss(53787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4524",
"datePublished": "2009-12-31T19:00:00.000Z",
"dateReserved": "2009-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:37.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}