Vulnerability CVE-2012-5654


Published: 2013-01-02   Modified: 2013-01-03

Description:
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Nodewords project -> Nodewords 

 References:
http://drupal.org/node/1859282
http://drupal.org/node/1859208
http://www.openwall.com/lists/oss-security/2012/12/20/1

Copyright 2024, cxsecurity.com

 

Back to Top