Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isaac Sukin | Shorten | 6.x-1.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1719392Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://www.securityfocus.com/bid/54911
- https://drupal.org/node/1719306Patch
- https://drupal.org/node/1719310Patch
- http://drupal.org/node/1719392Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://www.securityfocus.com/bid/54911
- https://drupal.org/node/1719306Patch
- https://drupal.org/node/1719310Patch
FAQ
What is CVE-2012-4492?
CVE-2012-4492 is a vulnerability with a CVSS score of 2.1 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions t...
How severe is CVE-2012-4492?
CVE-2012-4492 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4492?
Check the references section above for vendor advisories and patch information. Affected products include: Isaac Sukin Shorten, Drupal Drupal.