Vulnerability Details CVE-2012-1624
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.7%
CVSS Severity
CVSS v2 Score 3.5
References
- http://drupal.org/node/1394220
- http://drupal.org/node/1394412
- http://secunia.com/advisories/47453
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- http://www.osvdb.org/78185
- http://www.securityfocus.com/bid/51272
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72151
- http://drupal.org/node/1394220
- http://drupal.org/node/1394412
- http://secunia.com/advisories/47453
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- http://www.osvdb.org/78185
- http://www.securityfocus.com/bid/51272
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72151
Products affected by CVE-2012-1624
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:lingotek:lingotek:6.x-1.0
-
cpe:2.3:a:lingotek:lingotek:6.x-1.1
-
cpe:2.3:a:lingotek:lingotek:6.x-1.3
-
cpe:2.3:a:lingotek:lingotek:6.x-1.31
-
cpe:2.3:a:lingotek:lingotek:6.x-1.4