Nixpkgs security tracker

Untriaged

Permalink CVE-2012-5558

created 2 months ago Activity log

Created suggestion 2 months ago

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions …

Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym.

References

http://drupal.org/node/1840892 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/20/4 x_transferredx_refsource_MISC
http://drupal.org/node/1840954 x_transferredx_refsource_MISC
http://drupal.org/node/1840956 x_transferredx_refsource_MISC

Affected products

Smiley

==6.x-1.x versions prior to 6.x-1.1

Smileys

==6.x-1.x versions prior to 6.x-1.1

Matching in nixpkgs

pkgs.smiley-sans

Condensed and oblique Chinese typeface seeking a visual balance between the humanist and the geometric

nixos-unstable 2.0.1
- nixpkgs-unstable 2.0.1
- nixos-unstable-small 2.0.1
nixos-25.11 2.0.1
- nixos-25.11-small 2.0.1
- nixpkgs-25.11-darwin 2.0.1

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.smiley-sans