CVE-2012-0914

Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/1409436	Patch Vendor Advisory
http://drupal.org/node/1409446	Patch
http://drupal.org/node/1409448	Patch
http://drupalcode.org/project/panels.git/commit/2066d59
http://drupalcode.org/project/panels.git/commit/d844942
http://osvdb.org/78367
http://secunia.com/advisories/47649	Vendor Advisory
http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability	Patch
http://www.securityfocus.com/bid/51568
https://exchange.xforce.ibmcloud.com/vulnerabilities/72549
http://drupal.org/node/1409436	Patch Vendor Advisory
http://drupal.org/node/1409446	Patch
http://drupal.org/node/1409448	Patch
http://drupalcode.org/project/panels.git/commit/2066d59
http://drupalcode.org/project/panels.git/commit/d844942
http://osvdb.org/78367
http://secunia.com/advisories/47649	Vendor Advisory
http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability	Patch
http://www.securityfocus.com/bid/51568
https://exchange.xforce.ibmcloud.com/vulnerabilities/72549

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:earl_miles:panels:6.x-3.0:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha1::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha2::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha3::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha4::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.0:beta1::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.0:beta2::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.0:beta4::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.0:rc1::::::
	cpe:2.3:a:earl_miles:panels:6.x-3.1:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.2:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.3:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.4:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.5:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.7:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.8:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.9:::::::*
	cpe:2.3:a:earl_miles:panels:6.x-3.x:dev::::::

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha1::::::
	cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha2::::::
	cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha3::::::
	cpe:2.3:a:earl_miles:panels:7.x-3.x:dev::::::

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:35

Type	Values Removed	Values Added
References	~~() http://drupal.org/node/1409436 - Patch, Vendor Advisory~~	() http://drupal.org/node/1409436 - Patch, Vendor Advisory
References	~~() http://drupal.org/node/1409446 - Patch~~	() http://drupal.org/node/1409446 - Patch
References	~~() http://drupal.org/node/1409448 - Patch~~	() http://drupal.org/node/1409448 - Patch
References	~~() http://drupalcode.org/project/panels.git/commit/2066d59 -~~	() http://drupalcode.org/project/panels.git/commit/2066d59 -
References	~~() http://drupalcode.org/project/panels.git/commit/d844942 -~~	() http://drupalcode.org/project/panels.git/commit/d844942 -
References	~~() http://osvdb.org/78367 -~~	() http://osvdb.org/78367 -
References	~~() http://secunia.com/advisories/47649 - Vendor Advisory~~	() http://secunia.com/advisories/47649 - Vendor Advisory
References	~~() http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability - Patch~~	() http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability - Patch
References	~~() http://www.securityfocus.com/bid/51568 -~~	() http://www.securityfocus.com/bid/51568 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/72549 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/72549 -

Information

Published : 2012-01-24 18:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0914

Mitre link : CVE-2012-0914

CVE.ORG link : CVE-2012-0914

JSON object : View

Products Affected

drupal

drupal

earl_miles

panels

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2012-0914", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-01-24T18:55:01.690", "references": [{"url": "http://drupal.org/node/1409436", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1409446", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1409448", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupalcode.org/project/panels.git/commit/2066d59", "source": "cve@mitre.org"}, {"url": "http://drupalcode.org/project/panels.git/commit/d844942", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/78367", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47649", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51568", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549", "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1409436", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupal.org/node/1409446", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupal.org/node/1409448", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupalcode.org/project/panels.git/commit/2066d59", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupalcode.org/project/panels.git/commit/d844942", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/78367", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/47649", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/51568", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72549", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title."}, {"lang": "es", "value": "Vulnerbilidad de ejecuci\u00f3n de secuencias de comandos web en sitios cruzados (XSS) en display_renderers/panels_renderer_editor.class.php en la vista de administraci\u00f3n en el m\u00f3dulo Panels v6.x-2.x anterior a v6.x-3.10 y v7.x-3.x anterior v7.x-3.0 para Drupal permite a usuarios autenticados de forma remota con ciertos privilegios inyectar c\u00f3digo web script de su elecci\u00f3n o HTML a trav\u00e9s del 'title' Region."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F7FDB15-3B06-43AA-8FDF-DCCA137EAEAF"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11733CB-B68B-4DC4-90E8-75EDB2A9D616"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DFF9E8E-3C0C-4E07-8C65-7E928E71563C"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F2BB012-22DF-42E2-89F4-5542EAB21107"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70775F0F-3B57-417E-B116-3CFD43B83B66"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4A7B0F5-A9CC-4287-8247-D44B71A0C46D"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE5F0B91-A3B1-4A8D-B64A-4ECD94CA94C1"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6347ECE0-2C66-47D5-9B57-D5BA0D6F4C91"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A162DC0-D61B-404D-914F-F058D2DED47C"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0DE2442-F0A0-400A-AC91-61B331330D10"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C90BD49E-2583-4BC3-91E7-9B104251ECD4"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B49552D8-63A9-40C3-8D24-AB345996CFF3"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D4030F8-497F-46A3-A6B4-CC0CD7DBBFAC"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0CC32BC-3EE5-4743-B89A-3C13FEDB033A"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D13FAA1B-E84F-4215-A7B4-44D5A3802879"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13A37FE9-FA07-4566-9D64-E73385656077"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6B4223-3E5B-4F60-B0EF-E1C9B086F97C"}, {"criteria": "cpe:2.3:a:earl_miles:panels:6.x-3.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCDE6A13-FB05-4016-8793-FDA4D8543E5A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B440A22-6241-4452-A5FE-0C41CE77FE27"}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB849863-7CD4-4B7E-8136-CF94FCF714A8"}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97AB2AD-24F8-4080-9E0A-5291FC05FBAA"}, {"criteria": "cpe:2.3:a:earl_miles:panels:7.x-3.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA78D313-CFCF-4AD4-A3F1-9CADD135B8EC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10