CVE-2012-1646
Drupal FAQ < 6.x-1.13 and 7.x-1.x-rc1 - Authenticated Cross-Site Scripting via Title or Detailed Question Parameters
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.
References (10)
Core 10
Core References
Vendor Advisory x_refsource_confirm
http://drupal.org/node/1451194
Patch x_refsource_confirm
http://drupalcode.org/project/faq.git/commit/912f1d2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/79466
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48131
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52126
Patch, Vendor Advisory x_refsource_confirm
http://drupalcode.org/project/faq.git/blobdiff/525fb85e5a43cb6cfe3028aa88eaf8a6e40548d5..f381756:/faq.admin.inc
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/07/1
Patch, Vendor Advisory x_refsource_confirm
http://drupalcode.org/project/faq.git/commit/f381756
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73452
Patch, Vendor Advisory x_refsource_confirm
http://drupalcode.org/project/faq.git/blobdiff/2991dd94e70a2881571a4b777645f4dcc42c1f10..912f1d2:/faq.module
Scores
EPSS
0.0068
EPSS Percentile
71.9%
Details
CWE
CWE-79
Status
published
Products (15)
drupal/faq
6.x-1.0
drupal/faq
6.x-1.1
drupal/faq
6.x-1.2
drupal/faq
6.x-1.3
drupal/faq
6.x-1.4
drupal/faq
6.x-1.5
drupal/faq
6.x-1.6
drupal/faq
6.x-1.7
drupal/faq
6.x-1.8
drupal/faq
6.x-1.9
... and 5 more
Published
Sep 25, 2012
Tracked Since
Feb 18, 2026