// For flags

CVE-2012-2711

 

Severity Score

2.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.

vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy List v6.x-1.x anterior a v6.x-1.4 para Drupal, permite a usuarios remotos autenticados, con permisos para crear o editar términos de la taxonomía a inyectar secuencias de comandos web o HTML a través de vectores que implican información de la taxonomía.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-14 CVE Reserved
  • 2012-06-27 CVE Published
  • 2023-05-17 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nancy Wichmann
Search vendor "Nancy Wichmann"
 Taxonomy List
Search vendor "Nancy Wichmann" for product "Taxonomy List"
 6.x-1.0
Search vendor "Nancy Wichmann" for product "Taxonomy List" and version "6.x-1.0"
-
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Nancy Wichmann
Search vendor "Nancy Wichmann"
 Taxonomy List
Search vendor "Nancy Wichmann" for product "Taxonomy List"
 6.x-1.0-beta1
Search vendor "Nancy Wichmann" for product "Taxonomy List" and version "6.x-1.0-beta1"
-
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Nancy Wichmann
Search vendor "Nancy Wichmann"
 Taxonomy List
Search vendor "Nancy Wichmann" for product "Taxonomy List"
 6.x-1.1
Search vendor "Nancy Wichmann" for product "Taxonomy List" and version "6.x-1.1"
-
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Nancy Wichmann
Search vendor "Nancy Wichmann"
 Taxonomy List
Search vendor "Nancy Wichmann" for product "Taxonomy List"
 6.x-1.2
Search vendor "Nancy Wichmann" for product "Taxonomy List" and version "6.x-1.2"
-
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Nancy Wichmann
Search vendor "Nancy Wichmann"
 Taxonomy List
Search vendor "Nancy Wichmann" for product "Taxonomy List"
 6.x-1.2
Search vendor "Nancy Wichmann" for product "Taxonomy List" and version "6.x-1.2"
dev
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Nancy Wichmann
Search vendor "Nancy Wichmann"
 Taxonomy List
Search vendor "Nancy Wichmann" for product "Taxonomy List"
 6.x-1.3
Search vendor "Nancy Wichmann" for product "Taxonomy List" and version "6.x-1.3"
-
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe
Nancy Wichmann
Search vendor "Nancy Wichmann"
 Taxonomy List
Search vendor "Nancy Wichmann" for product "Taxonomy List"
 6.x-1.x-dev
Search vendor "Nancy Wichmann" for product "Taxonomy List" and version "6.x-1.x-dev"
-
Affected
in Drupal
Search vendor "Drupal"
 Drupal
Search vendor "Drupal" for product "Drupal"
--
Safe