Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2012-1639

Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.

  • Published: Oct 1, 2012
  • Updated: Apr 13, 2023
  • CVE: CVE-2012-1639
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
commerceguys / commerce - 7.x-1.1.x
commerceguys / commerce 7.x-1.0-beta3 7.x-1.0-beta3.x
commerceguys / commerce 7.x-1.0-alpha3 7.x-1.0-alpha3.x
commerceguys / commerce 7.x-1.0-rc2 7.x-1.0-rc2.x
commerceguys / commerce 7.x-1.0-alpha5 7.x-1.0-alpha5.x
commerceguys / commerce 7.x-1.0-beta2 7.x-1.0-beta2.x
commerceguys / commerce 7.x-1.0-alpha2 7.x-1.0-alpha2.x
commerceguys / commerce 7.x-1.0-beta1 7.x-1.0-beta1.x
commerceguys / commerce 7.x-1.0 7.x-1.0.x
commerceguys / commerce 7.x-1.0-alpha1 7.x-1.0-alpha1.x
commerceguys / commerce 7.x-1.0-alpha4 7.x-1.0-alpha4.x
commerceguys / commerce 7.x-1.0-beta4 7.x-1.0-beta4.x
commerceguys / commerce 7.x-1.0-rc1 7.x-1.0-rc1.x
commerceguys / commerce 7.x-1.x-dev 7.x-1.x-dev.x