Lucene search

[email protected]CVE-2015-6753

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2015-6753

2022-10-0316:15:53

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-6753

drupal

xss

quick edit

remote authenticated users

web script

html

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title.

Affected configurations

NVD

Node

quick_edit_projectquick_editMatch7.x-1.0drupal

quick_edit_projectquick_editMatch7.x-1.1drupal

CPENameOperatorVersion
quick_edit_project:quick_editquick edit project quick editeq7.x-1.0
quick_edit_project:quick_editquick edit project quick editeq7.x-1.1

CPE	Name	Operator	Version
quick_edit_project:quick_edit	quick edit project quick edit	eq	7.x-1.0
quick_edit_project:quick_edit	quick edit project quick edit	eq	7.x-1.1

References

www.drupal.org/node/2546066

www.drupal.org/node/2546164

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for CVE-2015-6753

nvd1 prion1 cvelist1 drupal1