Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mathew Winstone | Mobile Tools | 6.x-2.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1169008Patch
- http://drupal.org/node/1608828PatchVendor Advisory
- http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fcExploitPatch
- http://osvdb.org/82410
- http://secunia.com/advisories/49318Vendor Advisory
- http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.securityfocus.com/bid/53734Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76002
- http://drupal.org/node/1169008Patch
- http://drupal.org/node/1608828PatchVendor Advisory
- http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fcExploitPatch
- http://osvdb.org/82410
- http://secunia.com/advisories/49318Vendor Advisory
- http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss
FAQ
What is CVE-2012-2717?
CVE-2012-2717 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL fi...
How severe is CVE-2012-2717?
CVE-2012-2717 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2717?
Check the references section above for vendor advisories and patch information. Affected products include: Mathew Winstone Mobile Tools, Drupal Drupal.