CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-5558

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.5%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

http://drupal.org/node/1840892
http://drupal.org/node/1840954
http://drupal.org/node/1840956
http://www.openwall.com/lists/oss-security/2012/11/20/4
http://drupal.org/node/1840892
http://drupal.org/node/1840954
http://drupal.org/node/1840956
http://www.openwall.com/lists/oss-security/2012/11/20/4

Products affected by CVE-2012-5558

Smiley Project » Smiley » Version: 6.x-1.0

cpe:2.3:a:smiley_project:smiley:6.x-1.0
Smileys Project » Smileys » Version: 6.x-1.0

cpe:2.3:a:smileys_project:smileys:6.x-1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-5558

Products

Pricing

Contact Us