CVE-2012-5654 : The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured t

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.

Published 2013-01-03 01:55:04

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2012-5654

Nodewords Project » Nodewords » Update Beta2
Versions up to, including, (<=) 6.x-1.14
cpe:2.3:a:nodewords_project:nodewords:*:beta2:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta7
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta7:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta6
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta6:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta5
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta5:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta4
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta4:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta3
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta3:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.3 Update Beta4
cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta4:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.3 Update Beta3
cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta3:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.3 Update Alpha2
cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:alpha2:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.3 Update Alpha1
cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:alpha1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.7
cpe:2.3:a:nodewords_project:nodewords:5.x-1.7:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.5
cpe:2.3:a:nodewords_project:nodewords:5.x-1.5:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.4
cpe:2.3:a:nodewords_project:nodewords:5.x-1.4:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.3
cpe:2.3:a:nodewords_project:nodewords:5.x-1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.14 Update Beta1
cpe:2.3:a:nodewords_project:nodewords:6.x-1.14:beta1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.13 Update RC2
cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:rc2:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.13
cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.9
cpe:2.3:a:nodewords_project:nodewords:6.x-1.9:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.8
cpe:2.3:a:nodewords_project:nodewords:6.x-1.8:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.7
cpe:2.3:a:nodewords_project:nodewords:6.x-1.7:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.6
cpe:2.3:a:nodewords_project:nodewords:6.x-1.6:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.13
cpe:2.3:a:nodewords_project:nodewords:5.x-1.13:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.12
cpe:2.3:a:nodewords_project:nodewords:5.x-1.12:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.11
cpe:2.3:a:nodewords_project:nodewords:5.x-1.11:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 4.7-1.1
cpe:2.3:a:nodewords_project:nodewords:4.7-1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 4.7-1.0
cpe:2.3:a:nodewords_project:nodewords:4.7-1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 4.7-1.x Update DEV
cpe:2.3:a:nodewords_project:nodewords:4.7-1.x:dev:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update RC1
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:rc1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta8
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta8:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta1
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.10
cpe:2.3:a:nodewords_project:nodewords:6.x-1.10:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.5
cpe:2.3:a:nodewords_project:nodewords:6.x-1.5:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.3
cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.1
cpe:2.3:a:nodewords_project:nodewords:6.x-1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.0 Update RC1
cpe:2.3:a:nodewords_project:nodewords:6.x-1.0:rc1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.9
cpe:2.3:a:nodewords_project:nodewords:5.x-1.9:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.8 Update RC1
cpe:2.3:a:nodewords_project:nodewords:5.x-1.8:rc1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.2
cpe:2.3:a:nodewords_project:nodewords:5.x-1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.x Update DEV
cpe:2.3:a:nodewords_project:nodewords:5.x-1.x:dev:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.13 Update RC1
cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:rc1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta9
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta9:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.12 Update Beta2
cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta2:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.11
cpe:2.3:a:nodewords_project:nodewords:6.x-1.11:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.4
cpe:2.3:a:nodewords_project:nodewords:6.x-1.4:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.3 Update Beta5
cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta5:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.2
cpe:2.3:a:nodewords_project:nodewords:6.x-1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.0
cpe:2.3:a:nodewords_project:nodewords:6.x-1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 6.x-1.x Update DEV
cpe:2.3:a:nodewords_project:nodewords:6.x-1.x:dev:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.10
cpe:2.3:a:nodewords_project:nodewords:5.x-1.10:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.8
cpe:2.3:a:nodewords_project:nodewords:5.x-1.8:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 5.x-1.0
cpe:2.3:a:nodewords_project:nodewords:5.x-1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A
Nodewords Project » Nodewords » Version: 4.7-1.2
cpe:2.3:a:nodewords_project:nodewords:4.7-1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2012-5654

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-5654

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-5654

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5654

http://drupal.org/node/1859208

nodewords 6.x-1.14 | Drupal.org
Patch
http://www.openwall.com/lists/oss-security/2012/12/20/1

oss-security - Re: CVE request for Drupal core, and contributed modules

CVEs referencing this url
http://drupal.org/node/1859282

Access to this page has been denied.
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2012-5654

Products affected by CVE-2012-5654

Exploit prediction scoring system (EPSS) score for CVE-2012-5654

CVSS scores for CVE-2012-5654

CWE ids for CVE-2012-5654

References for CVE-2012-5654