Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-9740

Опубликовано: 06 июл. 2015
Источник: nvd
CVSS2: 2.1
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rules_link_project:rules_link:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:rules_link_project:rules_link:7.x-1.0:beta1:*:*:*:drupal:*:*
cpe:2.3:a:rules_link_project:rules_link:7.x-1.0:beta2:*:*:*:drupal:*:*
cpe:2.3:a:rules_link_project:rules_link:7.x-1.0:beta3:*:*:*:drupal:*:*
cpe:2.3:a:rules_link_project:rules_link:7.x-1.0:beta4:*:*:*:drupal:*:*
cpe:2.3:a:rules_link_project:rules_link:7.x-1.0:beta5:*:*:*:drupal:*:*

EPSS

Процентиль: 43%
0.00209
Низкий

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-xvc4-xc7h-xwp4

github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.

EPSS

Процентиль: 43%
0.00209
Низкий

2.1 Low

CVSS2

Дефекты

CWE-79