Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thomas Seidl | Search Api | 7.x-1.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1596524Patch
- http://drupal.org/node/1597364PatchVendor Advisory
- http://drupalcode.org/project/search_api.git/commitdiff/5a18c8cExploitPatch
- http://secunia.com/advisories/49236Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82230
- http://www.securityfocus.com/bid/53672
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75868
- http://drupal.org/node/1596524Patch
- http://drupal.org/node/1597364PatchVendor Advisory
- http://drupalcode.org/project/search_api.git/commitdiff/5a18c8cExploitPatch
- http://secunia.com/advisories/49236Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82230
- http://www.securityfocus.com/bid/53672
FAQ
What is CVE-2012-2712?
CVE-2012-2712 is a vulnerability with a CVSS score of 2.6 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbi...
How severe is CVE-2012-2712?
CVE-2012-2712 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2712?
Check the references section above for vendor advisories and patch information. Affected products include: Thomas Seidl Search Api, Drupal Drupal.