Unrated severityNVD Advisory· Published Aug 14, 2012· Updated Apr 29, 2026
CVE-2012-2298
CVE-2012-2298
Description
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
Affected products
12cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:nancy_wichmann:realname:6.x-1.x:dev:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- drupal.org/node/1547352nvdPatch
- drupal.org/node/1547660nvdPatchVendor Advisory
- drupalcode.org/project/realname.git/commitdiff/41786d0nvdExploitPatch
- drupalcode.org/project/realname.git/commitdiff/b920794nvdExploitPatch
- secunia.com/advisories/48936nvdVendor Advisory
- www.openwall.com/lists/oss-security/2012/05/03/1nvd
- www.openwall.com/lists/oss-security/2012/05/03/2nvd
- www.securityfocus.com/bid/53250nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75181nvd
News mentions
0No linked articles in our index yet.