NVD

Id
45852  
Name
CVE-2012-4469  
Description
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-11-30  
Modified Date
2012-12-03  
Seq
2012-4469  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
230241 45852 CVE-2012-4469 http://drupal.org/node/1650784  View
230242 45852 CVE-2012-4469 http://drupal.org/node/1650790  View
230243 45852 CVE-2012-4469 http://drupal.org/node/1663306  View
230244 45852 CVE-2012-4469 [oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29896 JVNDB-2012-005603 Drupal 用 Hashcash モジュールにおけるクロスサイトスクリプティングの脆弱性 Drupal 用 Hashcash モジュールには、"Log failed hashcash" が有効になっている場合、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2012-4469 57707 CVE-2012-4469 45852 2.6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005603.html 2012-06-21 2012-12-04 View