Lucene search

MitreCVE-2015-3390

HistoryApr 21, 2015 - 6:59 p.m.

CVE-2015-3390

2015-04-2118:59:12

CWE-79

mitre

web.nvd.nist.gov

cve-2015-3390

cross-site scripting

xss

vulnerability

facebook album fetcher

drupal

nvd

access administration pages permission

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

41.9%

JSON

Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the “access administration pages” permission to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

facebook_album_fetcher_projectfacebook_album_fetcherMatch7.x-1.x-devdrupal

VendorProductVersionCPE
facebook_album_fetcher_projectfacebook_album_fetcher7.x-1.x-devcpe:2.3:a:facebook_album_fetcher_project:facebook_album_fetcher:7.x-1.x-dev:*:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
facebook_album_fetcher_project	facebook_album_fetcher	7.x-1.x-dev	cpe:2.3:a:facebook_album_fetcher_project:facebook_album_fetcher:7.x-1.x-dev:::::drupal::

References

www.openwall.com/lists/oss-security/2015/02/05/16

www.securityfocus.com/bid/72570

exchange.xforce.ibmcloud.com/vulnerabilities/100655

www.drupal.org/node/2420161

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

41.9%

JSON

Related for CVE-2015-3390