Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: October 31, 2012
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site).
Weakness Type (CWE)
Cross-Site Scripting (XSS)CWE-79
Upgrade to version 6.x-2.5
|Attack Vector (AV):||NETWORK|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||NONE|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||MEDIUM|