Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities by rob_loach

    CVE-2012-5545 (GCVE-0-2012-5545)

    Vulnerability from nvd – Published: 2012-12-03 21:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1808760 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/11/20/4 mailing-listx_refsource_MLIST
    http://drupal.org/node/1808856 x_refsource_MISC
    http://www.securityfocus.com/bid/55870 vdb-entryx_refsource_BID
    Date Public
    2012-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:14.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1808760"
              },
              {
                "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1808856"
              },
              {
                "name": "55870",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55870"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the \"administer sharethis\" permission to inject arbitrary web script or HTML via unspecified vectors related to \"JavaScript settings.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-26T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1808760"
            },
            {
              "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1808856"
            },
            {
              "name": "55870",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/55870"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5545",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the \"administer sharethis\" permission to inject arbitrary web script or HTML via unspecified vectors related to \"JavaScript settings.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1808760",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1808760"
                },
                {
                  "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
                },
                {
                  "name": "http://drupal.org/node/1808856",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1808856"
                },
                {
                  "name": "55870",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/55870"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5545",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:14.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2077 (GCVE-0-2012-2077)

    Vulnerability from nvd – Published: 2012-08-14 23:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupalcode.org/project/sharethis.git/commi… x_refsource_CONFIRM
    http://secunia.com/advisories/48598 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://www.osvdb.org/80681 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/52778 vdb-entryx_refsource_BID
    http://drupal.org/node/1506448 x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://drupal.org/node/1504746 x_refsource_CONFIRM
    Date Public
    2012-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
              },
              {
                "name": "48598",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48598"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "80681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/80681"
              },
              {
                "name": "52778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1506448"
              },
              {
                "name": "drupal-sharethis-administrationforms-csrf(74518)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1504746"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors \"outside of the Form API.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
            },
            {
              "name": "48598",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48598"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "80681",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/80681"
            },
            {
              "name": "52778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1506448"
            },
            {
              "name": "drupal-sharethis-administrationforms-csrf(74518)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1504746"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-2077",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors \"outside of the Form API.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupalcode.org/project/sharethis.git/commit/11f247a",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
                },
                {
                  "name": "48598",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48598"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "80681",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/80681"
                },
                {
                  "name": "52778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52778"
                },
                {
                  "name": "http://drupal.org/node/1506448",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1506448"
                },
                {
                  "name": "drupal-sharethis-administrationforms-csrf(74518)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"
                },
                {
                  "name": "http://drupal.org/node/1504746",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1504746"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2077",
        "datePublished": "2012-08-14T23:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2076 (GCVE-0-2012-2076)

    Vulnerability from nvd – Published: 2012-08-14 23:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupalcode.org/project/sharethis.git/commi… x_refsource_CONFIRM
    http://secunia.com/advisories/48598 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/52778 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://drupal.org/node/1506448 x_refsource_MISC
    http://drupal.org/node/1504746 x_refsource_CONFIRM
    http://osvdb.org/80670 vdb-entryx_refsource_OSVDB
    Date Public
    2012-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
              },
              {
                "name": "48598",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48598"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "52778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52778"
              },
              {
                "name": "drupal-sharethis-administrationforms-xss(74516)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74516"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1506448"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1504746"
              },
              {
                "name": "80670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80670"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
            },
            {
              "name": "48598",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48598"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "52778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52778"
            },
            {
              "name": "drupal-sharethis-administrationforms-xss(74516)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74516"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1506448"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1504746"
            },
            {
              "name": "80670",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80670"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-2076",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupalcode.org/project/sharethis.git/commit/11f247a",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
                },
                {
                  "name": "48598",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48598"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "52778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52778"
                },
                {
                  "name": "drupal-sharethis-administrationforms-xss(74516)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74516"
                },
                {
                  "name": "http://drupal.org/node/1506448",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1506448"
                },
                {
                  "name": "http://drupal.org/node/1504746",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1504746"
                },
                {
                  "name": "80670",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80670"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2076",
        "datePublished": "2012-08-14T23:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5545 (GCVE-0-2012-5545)

    Vulnerability from cvelistv5 – Published: 2012-12-03 21:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1808760 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/11/20/4 mailing-listx_refsource_MLIST
    http://drupal.org/node/1808856 x_refsource_MISC
    http://www.securityfocus.com/bid/55870 vdb-entryx_refsource_BID
    Date Public
    2012-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:14.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1808760"
              },
              {
                "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1808856"
              },
              {
                "name": "55870",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55870"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the \"administer sharethis\" permission to inject arbitrary web script or HTML via unspecified vectors related to \"JavaScript settings.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-26T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1808760"
            },
            {
              "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1808856"
            },
            {
              "name": "55870",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/55870"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5545",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the \"administer sharethis\" permission to inject arbitrary web script or HTML via unspecified vectors related to \"JavaScript settings.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1808760",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1808760"
                },
                {
                  "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
                },
                {
                  "name": "http://drupal.org/node/1808856",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1808856"
                },
                {
                  "name": "55870",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/55870"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5545",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:14.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2076 (GCVE-0-2012-2076)

    Vulnerability from cvelistv5 – Published: 2012-08-14 23:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupalcode.org/project/sharethis.git/commi… x_refsource_CONFIRM
    http://secunia.com/advisories/48598 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/52778 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://drupal.org/node/1506448 x_refsource_MISC
    http://drupal.org/node/1504746 x_refsource_CONFIRM
    http://osvdb.org/80670 vdb-entryx_refsource_OSVDB
    Date Public
    2012-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
              },
              {
                "name": "48598",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48598"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "52778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52778"
              },
              {
                "name": "drupal-sharethis-administrationforms-xss(74516)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74516"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1506448"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1504746"
              },
              {
                "name": "80670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80670"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
            },
            {
              "name": "48598",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48598"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "52778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52778"
            },
            {
              "name": "drupal-sharethis-administrationforms-xss(74516)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74516"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1506448"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1504746"
            },
            {
              "name": "80670",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80670"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-2076",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupalcode.org/project/sharethis.git/commit/11f247a",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
                },
                {
                  "name": "48598",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48598"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "52778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52778"
                },
                {
                  "name": "drupal-sharethis-administrationforms-xss(74516)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74516"
                },
                {
                  "name": "http://drupal.org/node/1506448",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1506448"
                },
                {
                  "name": "http://drupal.org/node/1504746",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1504746"
                },
                {
                  "name": "80670",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80670"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2076",
        "datePublished": "2012-08-14T23:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2077 (GCVE-0-2012-2077)

    Vulnerability from cvelistv5 – Published: 2012-08-14 23:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupalcode.org/project/sharethis.git/commi… x_refsource_CONFIRM
    http://secunia.com/advisories/48598 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/04/07/1 mailing-listx_refsource_MLIST
    http://www.osvdb.org/80681 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/52778 vdb-entryx_refsource_BID
    http://drupal.org/node/1506448 x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://drupal.org/node/1504746 x_refsource_CONFIRM
    Date Public
    2012-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
              },
              {
                "name": "48598",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48598"
              },
              {
                "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
              },
              {
                "name": "80681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/80681"
              },
              {
                "name": "52778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1506448"
              },
              {
                "name": "drupal-sharethis-administrationforms-csrf(74518)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1504746"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors \"outside of the Form API.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
            },
            {
              "name": "48598",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48598"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "80681",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/80681"
            },
            {
              "name": "52778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1506448"
            },
            {
              "name": "drupal-sharethis-administrationforms-csrf(74518)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1504746"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-2077",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors \"outside of the Form API.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupalcode.org/project/sharethis.git/commit/11f247a",
                  "refsource": "CONFIRM",
                  "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"
                },
                {
                  "name": "48598",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48598"
                },
                {
                  "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
                },
                {
                  "name": "80681",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/80681"
                },
                {
                  "name": "52778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52778"
                },
                {
                  "name": "http://drupal.org/node/1506448",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1506448"
                },
                {
                  "name": "drupal-sharethis-administrationforms-csrf(74518)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"
                },
                {
                  "name": "http://drupal.org/node/1504746",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1504746"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2077",
        "datePublished": "2012-08-14T23:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }