Описание
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
Ссылки
- Patch
- PatchVendor Advisory
- Patch
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:drupal:drupal_e-commerce_module:4.7:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00301
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
EPSS
Процентиль: 53%
0.00301
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other