Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-1647
Deferred
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-28 Aug, 2012 | 17:55
Updated At-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:*:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta1:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta2:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta4:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:beta5:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc1:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc2:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc3:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc4:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc5:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc6:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc7:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc8:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0
cpe:2.3:a:mediafront:mediafront:6.x-1.0:rc9:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.0-beta3
cpe:2.3:a:mediafront:mediafront:6.x-1.0-beta3:*:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.1
cpe:2.3:a:mediafront:mediafront:6.x-1.1:*:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.2
cpe:2.3:a:mediafront:mediafront:6.x-1.2:*:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.3
cpe:2.3:a:mediafront:mediafront:6.x-1.3:*:*:*:*:*:*:*
mediafront
mediafront
>>mediafront>>6.x-1.x
cpe:2.3:a:mediafront:mediafront:6.x-1.x:dev:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>-
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://drupalcode.org/project/mediafront.git/commitdiff/6300750secalert@redhat.com
Exploit
Patch
http://drupalcode.org/project/mediafront.git/commitdiff/b3857aasecalert@redhat.com
Exploit
Patch
http://www.openwall.com/lists/oss-security/2012/04/07/1secalert@redhat.com
N/A
http://www.osvdb.org/79684secalert@redhat.com
N/A
http://www.securityfocus.com/bid/52229secalert@redhat.com
N/A
https://drupal.org/node/1460892secalert@redhat.com
Patch
https://drupal.org/node/1460894secalert@redhat.com
Patch
https://drupal.org/node/1461424secalert@redhat.com
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/73606secalert@redhat.com
N/A
http://drupalcode.org/project/mediafront.git/commitdiff/6300750af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://drupalcode.org/project/mediafront.git/commitdiff/b3857aaaf854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://www.openwall.com/lists/oss-security/2012/04/07/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/79684af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/52229af854a3a-2127-422b-91ae-364da2661108
N/A
https://drupal.org/node/1460892af854a3a-2127-422b-91ae-364da2661108
Patch
https://drupal.org/node/1460894af854a3a-2127-422b-91ae-364da2661108
Patch
https://drupal.org/node/1461424af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/73606af854a3a-2127-422b-91ae-364da2661108
N/A
Change History
0Changes found
Details not found