Vulnerability Details : CVE-2012-3802
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
Exploit prediction scoring system (EPSS) score for CVE-2012-3802
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-3802
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
References for CVE-2012-3802
-
http://www.securityfocus.com/bid/53589
Drupal Post Affiliate Pro Cross Site Scripting and Access Security Bypass Vulnerabilities
-
http://www.openwall.com/lists/oss-security/2012/06/14/3
oss-security - Re: CVE Request for Drupal contributed modules
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75716
Post Affiliate Pro module for Drupal registration page cross-site scripting CVE-2012-3802 Vulnerability Report
-
http://drupal.org/node/1585648
Access to this page has been denied.Patch;Vendor Advisory
Products affected by CVE-2012-3802
- cpe:2.3:a:peter_pokrivcak:post_affiliate_pro:-:*:*:*:*:*:*:*