Описание
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
Ссылки
- Patch
- PatchVendor Advisory
- ExploitPatch
- Vendor Advisory
- Patch
- Patch
- PatchVendor Advisory
- ExploitPatch
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.0:*:*:*:*:*:*:*
cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.1:*:*:*:*:*:*:*
cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.2:*:*:*:*:*:*:*
cpe:2.3:a:mathew_winstone:mobile_tools:6.x-2.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00702
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
EPSS
Процентиль: 71%
0.00702
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79