Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:S/C:N/I:P/A:N
Vendors Products
Drupal
  • Drupal
Alquimia
  • Managesite

Configuration 1 [-]

AND
OR cpe:2.3:a:alquimia:managesite:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:alquimia:managesite:6.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
References
Link Resource
http://drupal.org/node/1417000 Patch Vendor Advisory
http://drupalcode.org/project/managesite.git/blobdiff/7dd99c47d891d482be1430d3c06a5bb0f6c74d85..7051b7e:/managesite.module
http://secunia.com/advisories/47732 Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51669
https://exchange.xforce.ibmcloud.com/vulnerabilities/72742
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-19T21:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-03-12T00:00:00

Link: CVE-2012-1640

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-09-19T21:55:04.060

Modified: 2017-08-29T01:31:20.460

Link: CVE-2012-1640

JSON object: View

cve-icon Redhat Information

No data.

CWE