NVD

Id
45867  
Name
CVE-2012-4485  
Description
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-10-31  
Modified Date
2013-07-19  
Seq
2012-4485  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
230295 45867 CVE-2012-4485 http://drupal.org/node/1699744  View
230296 45867 CVE-2012-4485 http://drupal.org/node/1700578  View
230297 45867 CVE-2012-4485 http://drupalcode.org/project/galleryformatter.git/commitdiff/b0392a1  View
230298 45867 CVE-2012-4485 [oss-security] 20121004 CVE Request for Drupal Contributed Modules  View
230299 45867 CVE-2012-4485 [oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules  View
230300 45867 CVE-2012-4485 54674  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29474 JVNDB-2012-005181 Drupal 用 Gallery formatter モジュールにおけるクロスサイトスクリプティングの脆弱性 Drupal 用 Gallery formatter モジュールの galleryformatter.tpl.php 内の galleryformatter_field_formatter_view 関数には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2012-4485 57723 CVE-2012-4485 45867 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005181.html 2012-07-25 2012-11-02 View