CVE-2015-7879

Опубликовано: 11 сент. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page.

Ссылки

http://www.openwall.com/lists/oss-security/2015/10/21/2
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/77022
Third Party Advisory
VDB Entry
https://www.drupal.org/node/2581519
Release Notes
Vendor Advisory
https://www.drupal.org/node/2581997
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/10/21/2
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/77022
Third Party Advisory
VDB Entry
https://www.drupal.org/node/2581519
Release Notes
Vendor Advisory
https://www.drupal.org/node/2581997
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:stickynote_project:stickynote:7.x-1.0:*:*:*:*:drupal:*:*

cpe:2.3:a:stickynote_project:stickynote:7.x-1.1:*:*:*:*:drupal:*:*

cpe:2.3:a:stickynote_project:stickynote:7.x-1.2:*:*:*:*:drupal:*:*

cpe:2.3:a:stickynote_project:stickynote:7.x-1.x-dev:*:*:*:*:drupal:*:*

EPSS

Процентиль: 61%

0.0041

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-r5vw-pf7p-6hgj