Lucene search

RedhatCVE-2013-4174

HistoryAug 19, 2013 - 11:55 p.m.

CVE-2013-4174

2013-08-1923:55:08

CWE-79

redhat

web.nvd.nist.gov

cve

2013

4174

xss

vulnerabilities

drupal

scald

module

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.

Affected configurations

Nvd

Node

owsscaldMatch7.x-1.0

AND

drupaldrupalMatch-

VendorProductVersionCPE
owsscald7.x-1.0cpe:2.3:a:ows:scald:7.x-1.0:*:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ows	scald	7.x-1.0	cpe:2.3:a:ows:scald:7.x-1.0:::::::*
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

drupalcode.org/project/scald.git/commitdiff/32db1ee

osvdb.org/95625

seclists.org/fulldisclosure/2013/Jul/224

secunia.com/advisories/54144

www.securityfocus.com/bid/61426

drupal.org/node/2049251

drupal.org/node/2049415

exchange.xforce.ibmcloud.com/vulnerabilities/85964

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

Related for CVE-2013-4174