CVE-2012-6645 in Finderinfo

Summary

by MITRE

Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/10/2026

The cross-site scripting vulnerability identified as CVE-2012-6645 affects the Drupal content management system's Finder module, specifically targeting versions 6.x-1.x prior to 6.x-1.26 and 7.x-1.x along with 7.x-2.x before 7.x-2.0-alpha8. This vulnerability resides within the autocomplete functionality of the Finder module, which is designed to provide users with intelligent suggestions as they type in search fields. The flaw allows remote attackers to execute malicious scripts in the context of a victim's browser by injecting malicious code through the title field of a node, representing a significant security risk for Drupal installations. The vulnerability operates independently from CVE-2012-1561, indicating it represents a distinct attack vector within the same software ecosystem. The issue stems from inadequate input sanitization and output encoding mechanisms within the module's autocomplete feature, which fails to properly validate or escape user-provided data before rendering it in web pages.

The technical exploitation of this vulnerability occurs when an attacker crafts a malicious node title containing script tags or other malicious HTML content. When the Finder module's autocomplete functionality processes this input, it fails to properly sanitize the data before displaying it in the user interface, allowing the injected scripts to execute in the context of other users' browsers. This type of vulnerability falls under CWE-79, which specifically addresses Cross-Site Scripting flaws in web applications. The vulnerability's impact extends beyond simple script execution as it can potentially enable session hijacking, data theft, or redirection to malicious websites. The attack vector is particularly concerning because it leverages the Finder module's legitimate autocomplete feature, making the malicious code appear to originate from a trusted source within the application interface.

The operational impact of CVE-2012-6645 extends to all Drupal installations utilizing the affected Finder module versions, potentially compromising user sessions and enabling unauthorized access to sensitive data. Attackers can exploit this vulnerability to steal cookies, modify content, or redirect users to phishing sites, making it particularly dangerous for content management systems that handle sensitive information. The vulnerability affects not only the administrative interface but also end-user experiences, as the malicious scripts execute in the context of legitimate users' browsers. Organizations using Drupal for web applications, e-commerce platforms, or content management services face significant risk from this vulnerability, as it can lead to complete compromise of user sessions and potential data breaches. The risk is amplified in environments where users have administrative privileges, as attackers could potentially escalate their privileges and gain full control over the Drupal installation.

Mitigation strategies for this vulnerability require immediate patching of the affected Drupal Finder module versions to the patched releases, specifically upgrading to 6.x-1.26 or 7.x-2.0-alpha8 and later versions. System administrators should implement comprehensive input validation and output encoding measures, ensuring that all user-provided data undergoes proper sanitization before being processed by the autocomplete functionality. The Drupal security team recommends implementing Content Security Policy headers to prevent unauthorized script execution, along with regular security audits of contributed modules to identify potential vulnerabilities. Organizations should also consider implementing web application firewalls and monitoring for suspicious autocomplete requests that may indicate exploitation attempts. This vulnerability highlights the importance of maintaining up-to-date software versions and following security best practices for input validation, as outlined in the ATT&CK framework's mitigation strategies for web application vulnerabilities. The remediation process should include thorough testing of patched versions to ensure that the security fixes do not introduce regressions in functionality while maintaining the integrity of the Finder module's intended behavior.

Reservation

04/08/2014

Disclosure

04/08/2014

Moderation

accepted

Entry

VDB-66892

CPE

ready

EPSS

0.02751

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!