Lucene search

MitreCVE-2015-4387

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4387

2015-06-1514:59:43

CWE-79

mitre

web.nvd.nist.gov

cve-2015-4387

cross-site scripting

xss

vulnerability

password policy module

drupal

nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a crafted username that is imported from an external source.

Affected configurations

Nvd

Node

password_policy_projectpassword_policyMatch6.x-1.0drupal

password_policy_projectpassword_policyMatch6.x-1.1drupal

password_policy_projectpassword_policyMatch6.x-1.2drupal

password_policy_projectpassword_policyMatch6.x-1.3drupal

password_policy_projectpassword_policyMatch6.x-1.4drupal

password_policy_projectpassword_policyMatch6.x-1.5drupal

password_policy_projectpassword_policyMatch6.x-1.6drupal

password_policy_projectpassword_policyMatch6.x-1.7drupal

password_policy_projectpassword_policyMatch6.x-1.8drupal

password_policy_projectpassword_policyMatch6.x-1.9drupal

password_policy_projectpassword_policyMatch6.x-1.10drupal

password_policy_projectpassword_policyMatch7.x-1.0drupal

password_policy_projectpassword_policyMatch7.x-1.1drupal

password_policy_projectpassword_policyMatch7.x-1.2drupal

password_policy_projectpassword_policyMatch7.x-1.3drupal

password_policy_projectpassword_policyMatch7.x-1.4drupal

password_policy_projectpassword_policyMatch7.x-1.5drupal

password_policy_projectpassword_policyMatch7.x-1.6drupal

password_policy_projectpassword_policyMatch7.x-1.7drupal

password_policy_projectpassword_policyMatch7.x-1.8drupal

password_policy_projectpassword_policyMatch7.x-1.9drupal

password_policy_projectpassword_policyMatch7.x-1.10drupal

VendorProductVersionCPE
password_policy_projectpassword_policy6.x-1.0cpe:2.3:a:password_policy_project:password_policy:6.x-1.0:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.1cpe:2.3:a:password_policy_project:password_policy:6.x-1.1:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.2cpe:2.3:a:password_policy_project:password_policy:6.x-1.2:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.3cpe:2.3:a:password_policy_project:password_policy:6.x-1.3:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.4cpe:2.3:a:password_policy_project:password_policy:6.x-1.4:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.5cpe:2.3:a:password_policy_project:password_policy:6.x-1.5:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.6cpe:2.3:a:password_policy_project:password_policy:6.x-1.6:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.7cpe:2.3:a:password_policy_project:password_policy:6.x-1.7:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.8cpe:2.3:a:password_policy_project:password_policy:6.x-1.8:*:*:*:*:drupal:*:*
password_policy_projectpassword_policy6.x-1.9cpe:2.3:a:password_policy_project:password_policy:6.x-1.9:*:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
password_policy_project	password_policy	6.x-1.0	cpe:2.3:a:password_policy_project:password_policy:6.x-1.0:::::drupal::
password_policy_project	password_policy	6.x-1.1	cpe:2.3:a:password_policy_project:password_policy:6.x-1.1:::::drupal::
password_policy_project	password_policy	6.x-1.2	cpe:2.3:a:password_policy_project:password_policy:6.x-1.2:::::drupal::
password_policy_project	password_policy	6.x-1.3	cpe:2.3:a:password_policy_project:password_policy:6.x-1.3:::::drupal::
password_policy_project	password_policy	6.x-1.4	cpe:2.3:a:password_policy_project:password_policy:6.x-1.4:::::drupal::
password_policy_project	password_policy	6.x-1.5	cpe:2.3:a:password_policy_project:password_policy:6.x-1.5:::::drupal::
password_policy_project	password_policy	6.x-1.6	cpe:2.3:a:password_policy_project:password_policy:6.x-1.6:::::drupal::
password_policy_project	password_policy	6.x-1.7	cpe:2.3:a:password_policy_project:password_policy:6.x-1.7:::::drupal::
password_policy_project	password_policy	6.x-1.8	cpe:2.3:a:password_policy_project:password_policy:6.x-1.8:::::drupal::
password_policy_project	password_policy	6.x-1.9	cpe:2.3:a:password_policy_project:password_policy:6.x-1.9:::::drupal::

Rows per page:

1-10 of 221

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/74348

www.drupal.org/node/2463327

www.drupal.org/node/2463329

www.drupal.org/node/2463835

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2015-4387