Vulnerability Details CVE-2012-6572
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/85422
- http://secunia.com/advisories/50557
- http://www.madirish.net/550
- https://drupal.org/node/1782286
- https://drupal.org/node/1782686
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78575
- http://osvdb.org/85422
- http://secunia.com/advisories/50557
- http://www.madirish.net/550
- https://drupal.org/node/1782286
- https://drupal.org/node/1782686
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78575
Products affected by CVE-2012-6572
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:kong:inf08:6.x-1.0
-
cpe:2.3:a:kong:inf08:6.x-1.0-beta1
-
cpe:2.3:a:kong:inf08:6.x-1.0-beta2
-
cpe:2.3:a:kong:inf08:6.x-1.1
-
cpe:2.3:a:kong:inf08:6.x-1.2
-
cpe:2.3:a:kong:inf08:6.x-1.3
-
cpe:2.3:a:kong:inf08:6.x-1.4
-
cpe:2.3:a:kong:inf08:6.x-1.5
-
cpe:2.3:a:kong:inf08:6.x-1.6
-
cpe:2.3:a:kong:inf08:6.x-1.7
-
cpe:2.3:a:kong:inf08:6.x-1.8
-
cpe:2.3:a:kong:inf08:6.x-1.9
-
cpe:2.3:a:kong:inf08:6.x-1.x-dev