CVE-2012-6645
Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0088 (0.9%)
Percentile: 75.4%
EPSS: 2026-05-06
Affects
danielb:finderTechnical description
Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.
Published: 4/8/2014, 2:22:09 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://drupal.org/node/1432318
- http://drupal.org/node/1432320
- http://drupalcode.org/project/finder.git/commit/13e2d0c
- http://drupalcode.org/project/finder.git/commit/58443aa
- http://drupalcode.org/project/finder.git/commit/758fcf9
- http://drupalcode.org/project/finder.git/commit/bc0cc82
- http://secunia.com/advisories/47941
- http://secunia.com/advisories/47943