exploitDog

CVE-2014-8376

Опубликовано: 21 окт. 2014

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.

Ссылки

http://secunia.com/advisories/60758
http://www.securityfocus.com/bid/69343
https://www.drupal.org/node/2324303
Patch
https://www.drupal.org/node/2324689
Vendor Advisory
http://secunia.com/advisories/60758
http://www.securityfocus.com/bid/69343
https://www.drupal.org/node/2324303
Patch
https://www.drupal.org/node/2324689
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:site_banner_project:site_banner:*:*:*:*:*:drupal:*:*

Версия до 7.x-4.0 (включая)

EPSS

Процентиль: 42%

0.00201

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hpwc-ph2g-hp5v

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.

EPSS

Процентиль: 42%

0.00201

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79