Vulnerability Details CVE-2012-4484
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://drupal.org/node/1689790
- http://drupal.org/node/1691446
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://drupal.org/node/1689790
- http://drupal.org/node/1691446
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
Products affected by CVE-2012-4484
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:trexart:campaignmonitor:6.x-1.1
-
cpe:2.3:a:trexart:campaignmonitor:6.x-1.x-dev
-
cpe:2.3:a:trexart:campaignmonitor:6.x-2.1
-
cpe:2.3:a:trexart:campaignmonitor:6.x-2.2
-
cpe:2.3:a:trexart:campaignmonitor:6.x-2.3
-
cpe:2.3:a:trexart:campaignmonitor:6.x-2.4
-
cpe:2.3:a:trexart:campaignmonitor:6.x-2.x