Lucene search

MitreCVE-2015-4346

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4346

2015-06-1514:59:02

CWE-79

mitre

web.nvd.nist.gov

cve-2015-4346

cross-site scripting

xss

sms framework module

drupal

security vulnerability

nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the “Send to phone” submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.

Affected configurations

Nvd

Node

sms_framework_projectsms_frameworkMatch6.x-1.0drupal

sms_framework_projectsms_frameworkMatch6.x-1.1drupal

sms_framework_projectsms_frameworkMatch6.x-2.0-alpha1drupal

sms_framework_projectsms_frameworkMatch6.x-2.x-devdrupal

VendorProductVersionCPE
sms_framework_projectsms_framework6.x-1.0cpe:2.3:a:sms_framework_project:sms_framework:6.x-1.0:*:*:*:*:drupal:*:*
sms_framework_projectsms_framework6.x-1.1cpe:2.3:a:sms_framework_project:sms_framework:6.x-1.1:*:*:*:*:drupal:*:*
sms_framework_projectsms_framework6.x-2.0-alpha1cpe:2.3:a:sms_framework_project:sms_framework:6.x-2.0-alpha1:*:*:*:*:drupal:*:*
sms_framework_projectsms_framework6.x-2.x-devcpe:2.3:a:sms_framework_project:sms_framework:6.x-2.x-dev:*:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
sms_framework_project	sms_framework	6.x-1.0	cpe:2.3:a:sms_framework_project:sms_framework:6.x-1.0:::::drupal::
sms_framework_project	sms_framework	6.x-1.1	cpe:2.3:a:sms_framework_project:sms_framework:6.x-1.1:::::drupal::
sms_framework_project	sms_framework	6.x-2.0-alpha1	cpe:2.3:a:sms_framework_project:sms_framework:6.x-2.0-alpha1:::::drupal::
sms_framework_project	sms_framework	6.x-2.x-dev	cpe:2.3:a:sms_framework_project:sms_framework:6.x-2.x-dev:::::drupal::

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/72807

www.drupal.org/node/2431717

www.drupal.org/node/2437943

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2015-4346