Vulnerabilities > CVE-2012-3802 - Cross-Site Scripting and Access Security Bypass vulnerability in Drupal Post Affiliate Pro

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

peter-pokrivcak

drupal

NVD

Published: 2012-06-27

Updated: 2017-08-29

Summary

Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.

Vulnerable Configurations

Part	Description	Count
Application	Peter_Pokrivcak Peter Pokrivcak Post Affiliate PRO -	1
Application	Drupal Drupal Drupal -	1

References

http://drupal.org/node/1585648
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.securityfocus.com/bid/53589
https://exchange.xforce.ibmcloud.com/vulnerabilities/75716