CVE-2012-2717

Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.0:*:*:*:*:*:*:*
cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.1:*:*:*:*:*:*:*
cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.2:*:*:*:*:*:*:*
cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-06-27 21:55

Updated : 2024-02-04 18:16


NVD link : CVE-2012-2717

Mitre link : CVE-2012-2717

CVE.ORG link : CVE-2012-2717


JSON object : View

Products Affected

mathew_winstone

  • mobile_tools

drupal

  • drupal
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')