CVE-2013-7064

Опубликовано: 29 апр. 2014

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.

Ссылки

http://www.openwall.com/lists/oss-security/2013/12/06/7
http://www.openwall.com/lists/oss-security/2013/12/12/1
https://drupal.org/node/2139875
Patch
https://drupal.org/node/2140123
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/12/06/7
http://www.openwall.com/lists/oss-security/2013/12/12/1
https://drupal.org/node/2139875
Patch
https://drupal.org/node/2140123
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:*:*:*:*:*:drupal:*:*

Версия до 7.x-1.11 (включая)

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.0:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.1:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.2:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.6:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.7:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.8:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.9:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.10:*:*:*:*:drupal:*:*

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:7.x-1.x:dev:*:*:*:drupal:*:*

EPSS

Процентиль: 42%

0.00201

Низкий

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2013-7064

ubuntu

почти 12 лет назад

GHSA-8ww6-w8fm-v567

github

больше 3 лет назад