CVE-2012-2717

Drupal Mobile Tools 6.x-2.x - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.

References (9)

[Patch] http://drupal.org/node/1169008

[Patch, Vendor Advisory] http://drupal.org/node/1608828

[Exploit, Patch] http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc

[Third Party Advisory, VDB Entry] http://osvdb.org/82410

[Vendor Advisory] http://secunia.com/advisories/49318

[Various Sources] http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss

[Patch] http://www.securityfocus.com/bid/53734

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76002

[Mailing List] http://www.openwall.com/lists/oss-security/2012/06/14/3

Scores

EPSS 0.0070

EPSS Percentile 71.7%

Classification

CWE

CWE-79

Status published

Affected Products (5)

mathew_winstone/mobile_tools

mathew_winstone/mobile_tools

mathew_winstone/mobile_tools

mathew_winstone/mobile_tools

n/a/n/a

Timeline

Published Jun 27, 2012

Tracked Since Feb 18, 2026