QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1640

Published: Sep 19, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Managesite module 6.x-1.x before 6.1-1.1 for Drupal allow remote authenticated users with "administer managesite" permissions to inject arbitrary web script or HTML via the title parameter when (1) adding or (2) updating a category.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://drupal.org/node/1417000

x_refsource_MISC

[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

drupal-managesite-category-xss(72742)

vdb-entry

x_refsource_XF

http://drupalcode.org/project/managesite.git/blobdiff/7dd99c47d891d482be1430d3c06a5bb0f6c74d85..7051b7e:/managesite.module

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.