Cross-Site Scripting Vulnerability in Inf08 Theme for Drupal
CVE-2012-6572

Currently unrated

Key Information:

Vendor: Kong
Status: Inf08
Vendor: CVE Published:; 21 June 2013

What is CVE-2012-6572?

The Inf08 theme for Drupal contains a cross-site scripting vulnerability that allows remote authenticated users with the 'administer taxonomy' permission to inject malicious web scripts or HTML into the application. This occurs through the manipulation of taxonomy vocabulary names, potentially compromising the security of the affected website. It is crucial for Drupal site administrators to be aware of this vulnerability and to implement security measures to safeguard against potential exploitation.

References

http://www.madirish.net/550

x_refsource_MISC

https://drupal.org/node/1782286

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/78575

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2013
Vulnerability Reserved
Jun 21, 2013

CVE-2012-6572 Data

JSON

Kong

What is CVE-2012-6572?

References

Timeline