PT-2012-5430 · Drupal · Campaign Monitor Module For Drupal+1

Joshua Brauer

Publicado

2012-10-31

Atualizado

2018-06-27

CVE-2012-4484

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Campaign Monitor module for Drupal versions prior to 6.x-2.5

Description A cross-site scripting (XSS) issue exists in the administrative interface of the Campaign Monitor module for Drupal, allowing remote attackers to inject arbitrary web script or HTML. This issue is specific to the Drupal module and not the Campaign Monitor software itself.

Recommendations For versions prior to 6.x-2.5, update to version 6.x-2.5 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2012-4484

Produtos afetados

Campaign Monitor Module For Drupal

Drupal

PT-2012-5430 · Drupal · Campaign Monitor Module For Drupal+1

CVE-2012-4484

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5