Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
2.1
LOW
AV:N/AC:H/Au:S/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dmitry Loac | Taxotouch | - |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1401644Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- http://www.securityfocus.com/bid/51387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72387
- http://drupal.org/node/1401644Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- http://www.securityfocus.com/bid/51387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72387
FAQ
What is CVE-2012-1629?
CVE-2012-1629 is a vulnerability with a CVSS score of 2.1 (LOW). Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
How severe is CVE-2012-1629?
CVE-2012-1629 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1629?
Check the references section above for vendor advisories and patch information. Affected products include: Dmitry Loac Taxotouch, Drupal Drupal.