Description
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://drupal.org/node/1859208
Patch, Vendor Advisory x_refsource_misc
http://drupal.org/node/1859282
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/12/20/1
Scores
EPSS
0.0119
EPSS Percentile
64.3%
Details
CWE
CWE-200
Status
published
Products (32)
nodewords_project/nodewords
4.7-1.0
nodewords_project/nodewords
4.7-1.1
nodewords_project/nodewords
4.7-1.2
nodewords_project/nodewords
4.7-1.x dev
nodewords_project/nodewords
5.x-1.0
nodewords_project/nodewords
5.x-1.2
nodewords_project/nodewords
5.x-1.3
nodewords_project/nodewords
5.x-1.4
nodewords_project/nodewords
5.x-1.5
nodewords_project/nodewords
5.x-1.7
... and 22 more
Published
Jan 03, 2013
Tracked Since
Feb 18, 2026