CVE-2012-1632 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Erik Webb	Password Policy

Configuration 1 [-]

AND

OR	cpe:2.3:a:erik_webb:password_policy::::::::
	cpe:2.3:a:erik_webb:password_policy:5.x-1.0:alpha1::::::
	cpe:2.3:a:erik_webb:password_policy:5.x-1.x:dev::::::
	cpe:2.3:a:erik_webb:password_policy:6.x-1.0:::::::*
	cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha1::::::
	cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha2::::::
	cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha3::::::
	cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha4::::::
	cpe:2.3:a:erik_webb:password_policy:6.x-1.0:beta1::::::
	cpe:2.3:a:erik_webb:password_policy:6.x-1.1:::::::*
	cpe:2.3:a:erik_webb:password_policy:6.x-1.2:::::::*
	cpe:2.3:a:erik_webb:password_policy:6.x-1.x:dev::::::
	cpe:2.3:a:erik_webb:password_policy:7.x-1.0:beta3::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1401678
http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6
http://secunia.com/advisories/47541
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51385

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-20T00:00:00Z

Updated: 2024-09-17T01:01:29.533Z

Reserved: 2012-03-12T00:00:00Z

Link: CVE-2012-1632

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-09-20T00:55:04.890

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1632

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-09-20T00:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1401678"}, {"name": "51385", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51385"}, {"name": "47541", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47541"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1632", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "http://drupal.org/node/1401678", "refsource": "CONFIRM", "url": "http://drupal.org/node/1401678"}, {"name": "51385", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51385"}, {"name": "47541", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47541"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.915Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1401678"}, {"name": "51385", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51385"}, {"name": "47541", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47541"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1632", "datePublished": "2012-09-20T00:00:00Z", "dateReserved": "2012-03-12T00:00:00Z", "dateUpdated": "2024-09-17T01:01:29.533Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erik_webb:password_policy:*:*:*:*:*:*:*:*", "matchCriteriaId": "54E8A676-4F5C-4E61-9512-EF839D1A843B", "versionEndIncluding": "6.x-1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:5.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "A9932B21-9E21-432E-A9C6-645BBD78B0F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:5.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "3BE02FD8-1BD6-4E49-B2AF-5A957672EFDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DFF6639-98CE-4B71-BB54-4FDBB71046F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "E53CCC1A-A5EA-4941-8E11-8E0041F81DFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "5C8E29CD-0AF8-4CA1-87EF-0AE732779411", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "EDAB2F76-DF8C-4BDF-8E77-3325481ACFBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "9E483142-C58E-466E-B2BB-07A29E4A65D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "663CC643-936B-436D-B737-4483F4DB4E61", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "41E32078-8C64-46AF-9379-03F235D56DCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "994AF345-E3CF-4B7D-A667-2A7C545B2BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:6.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "7A2FADA3-CA25-43BB-8B51-916891AED189", "vulnerable": true}, {"criteria": "cpe:2.3:a:erik_webb:password_policy:7.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "73E992F5-C450-4BBE-8CEA-D302FCD2AC6B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en password_policy.admin.inc en el m\u00f3dulo Password Policy anteriores a v6.x-1.4 y v7.x-1.0 beta3 para Drupal, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro name."}], "id": "CVE-2012-1632", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-09-20T00:55:04.890", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1401678"}, {"source": "secalert@redhat.com", "url": "http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47541"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51385"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1401678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51385"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}