Lucene search
MitreCVE-2015-3368HistoryApr 21, 2015 - 4:59 p.m.
CVE-2015-3368
2015-04-2116:59:27
CWE-79
mitre
web.nvd.nist.gov
26
cve-2015-3368
xss
classified ads
drupal
administration
authenticated users
web script
html
nvd
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
44.6%
Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the “administer taxonomy” permission to inject arbitrary web script or HTML via a category name.
Affected configurations
Node
osinetclassified_adsRange≤6.x-3.1beta2drupal
ORosinetclassified_adsMatch7.x-3.1beta2drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| osinet | classified_ads | * | cpe:2.3:a:osinet:classified_ads:*:beta2:*:*:*:drupal:*:* |
| osinet | classified_ads | 7.x-3.1 | cpe:2.3:a:osinet:classified_ads:7.x-3.1:beta2:*:*:*:drupal:*:* |
Related
prion
prion
Cross site scripting
2015-04-21 16:59:00
cvelist
cvelist
CVE-2015-3368
2015-04-21 16:00:00
drupal
drupal
SA-CONTRIB-2015-023 - Classified Ads - Cross Site Scripting (XSS)
2015-01-21 00:00:00
nvd
nvd
CVE-2015-3368
2015-04-21 16:59:27
kaspersky
kaspersky
KLA10563 Multiple vulnerabilities in Drupal modules
2015-04-21 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
44.6%
Related for CVE-2015-3368