What is the severity of CVE-2012-1632?

The severity of CVE-2012-1632 is classified as moderate due to its potential to allow cross-site scripting attacks.

How do I fix CVE-2012-1632?

To fix CVE-2012-1632, update the Password Policy module to version 6.x-1.4 or later for Drupal 6, or 7.x-1.0 beta4 or later for Drupal 7.

What versions of the Password Policy module are affected by CVE-2012-1632?

CVE-2012-1632 affects Password Policy module versions prior to 6.x-1.4 and 7.x-1.0 beta3.

Who can exploit CVE-2012-1632?

CVE-2012-1632 can be exploited by remote authenticated users who have administer policies permissions.

What type of vulnerability is CVE-2012-1632?

CVE-2012-1632 is a cross-site scripting (XSS) vulnerability that allows the injection of arbitrary web script or HTML.

Vulnerability/
CVE-2012-1632

low

2.1

CWE

20/9/2012

17/9/2024

CVE-2012-1632: XSS

First published: Thu Sep 20 2012(Updated: )

Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Password Policy Project	<=6.x-1.3
Password Policy Project	=5.x-1.0-alpha1
Password Policy Project	=5.x-1.x-dev
Password Policy Project	=6.x-1.0
Password Policy Project	=6.x-1.0-alpha1
Password Policy Project	=6.x-1.0-alpha2
Password Policy Project	=6.x-1.0-alpha3
Password Policy Project	=6.x-1.0-alpha4
Password Policy Project	=6.x-1.0-beta1
Password Policy Project	=6.x-1.1
Password Policy Project	=6.x-1.2
Password Policy Project	=6.x-1.x-dev
Password Policy Project	=7.x-1.0-beta3
Drupal

Remedy

http://drupal.org/node/1401678

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1632?
The severity of CVE-2012-1632 is classified as moderate due to its potential to allow cross-site scripting attacks.
How do I fix CVE-2012-1632?
To fix CVE-2012-1632, update the Password Policy module to version 6.x-1.4 or later for Drupal 6, or 7.x-1.0 beta4 or later for Drupal 7.
What versions of the Password Policy module are affected by CVE-2012-1632?
CVE-2012-1632 affects Password Policy module versions prior to 6.x-1.4 and 7.x-1.0 beta3.
Who can exploit CVE-2012-1632?
CVE-2012-1632 can be exploited by remote authenticated users who have administer policies permissions.
What type of vulnerability is CVE-2012-1632?
CVE-2012-1632 is a cross-site scripting (XSS) vulnerability that allows the injection of arbitrary web script or HTML.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/references
agent/last-modified-date
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/erik webb
canonical/password policy project
version/password policy project/6.x-1.3
version/password policy project/5.x-1.0-alpha1
version/password policy project/5.x-1.x-dev
version/password policy project/6.x-1.0
version/password policy project/6.x-1.0-alpha1
version/password policy project/6.x-1.0-alpha2
version/password policy project/6.x-1.0-alpha3
version/password policy project/6.x-1.0-alpha4
version/password policy project/6.x-1.0-beta1
version/password policy project/6.x-1.1
version/password policy project/6.x-1.2
version/password policy project/6.x-1.x-dev
version/password policy project/7.x-1.0-beta3
vendor/drupal
canonical/drupal