Описание
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.
Ссылки
- Patch
- PatchVendor Advisory
- ExploitPatch
- Vendor Advisory
- Patch
- PatchVendor Advisory
- ExploitPatch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:authoring_html:6.x-1.0:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00155
Низкий
3.5 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
около 3 лет назад
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.
EPSS
Процентиль: 37%
0.00155
Низкий
3.5 Low
CVSS2
Дефекты
CWE-264