Vulnerability Description
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nodewords Project | Nodewords | <= 6.x-1.14 |
| Drupal | Drupal | - |
References
- http://drupal.org/node/1859208 (Patch)
- http://drupal.org/node/1859282 (Patch, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/12/20/1
FAQ
What is CVE-2012-5654?
CVE-2012-5654 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags,...
How severe is CVE-2012-5654?
CVE-2012-5654 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-5654?
Check the references section above for vendor advisories and patch information. Affected products include: Nodewords Project Nodewords, Drupal Drupal.