Описание
Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00373
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE will be REJECTed in the future.
EPSS
Процентиль: 58%
0.00373
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79