// For flags

CVE-2012-1060

 

Severity Score

2.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.

Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en revisioning_theme.inc en el módulo Taxonomy en el módulo Revisioning v6.x-3.13 y otras versiones anteriores a v6.x-3.14 para Drupal permite a usuarios autenticados de forma remota tener ciertos privilegios para inyectar código web script o HTML a través de (1)tags o (2) parámetros term.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-02-13 CVE Reserved
  • 2012-02-14 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rik De Boer
Search vendor "Rik De Boer"
 Revisioning
Search vendor "Rik De Boer" for product "Revisioning"
 6.x-3.13
Search vendor "Rik De Boer" for product "Revisioning" and version "6.x-3.13"
-
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
*-
Safe