CVE-2012-1652

CVE-2012-1652

EPSS 1.1%

Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://drupalcode.org/project/hierarchical_select.git/commit/be32dceb17d25553e474c295a8c3db69eab95cee http://drupal.org/node/1461318 http://drupal.org/node/1461724 http://osvdb.org/79683 http://secunia.com/advisories/48235 https://exchange.xforce.ibmcloud.com/vulnerabilities/73611 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52228