CVE-2012-2297

Creative Commons Module Creativecommons - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter.

References (8)

[Various Sources] http://drupal.org/node/1547478

[Various Sources] http://drupal.org/node/1547520

[Vendor Advisory] http://secunia.com/advisories/48937

[Various Sources] http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75180

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53248

[Mailing List] http://www.openwall.com/lists/oss-security/2012/05/03/1

[Mailing List] http://www.openwall.com/lists/oss-security/2012/05/03/2

Scores

EPSS 0.0035

EPSS Percentile 57.4%

Classification

CWE

CWE-79

Status published

Affected Products (2)

creative_commons_module_project/creativecommons

n/a/n/a

Timeline

Published Aug 26, 2012

Tracked Since Feb 18, 2026