PT-2012-3784 · Drupal · Drupal
Publicado
2012-08-14
·
Atualizado
2017-08-29
·
CVE-2012-2070
CVSS v2.0
2.1
Baixa
| Vetor | AV:N/AC:H/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal MultiBlock module versions 6.x-1.x before 6.x-1.4
Drupal MultiBlock module versions 7.x-1.x before 7.x-1.1
Description
A cross-site scripting (XSS) issue exists in the MultiBlock module for Drupal, allowing remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title.
Recommendations
For versions 6.x-1.x before 6.x-1.4, update to version 6.x-1.4 or later.
For versions 7.x-1.x before 7.x-1.1, update to version 7.x-1.1 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Drupal