Lucene search

[email protected]NVD:CVE-2013-1971

HistoryJun 25, 2013 - 6:55 p.m.

CVE-2013-1971

2013-06-2518:55:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.

Affected configurations

Nvd

Node

jordan_de_launemp3_playerRange≤6.x-1.1

jordan_de_launemp3_playerMatch6.x-1.0

jordan_de_launemp3_playerMatch6.x-1.0beta1

AND

drupaldrupalMatch-

VendorProductVersionCPE
jordan_de_launemp3_player*cpe:2.3:a:jordan_de_laune:mp3_player:*:*:*:*:*:*:*:*
jordan_de_launemp3_player6.x-1.0cpe:2.3:a:jordan_de_laune:mp3_player:6.x-1.0:*:*:*:*:*:*:*
jordan_de_launemp3_player6.x-1.0cpe:2.3:a:jordan_de_laune:mp3_player:6.x-1.0:beta1:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jordan_de_laune	mp3_player	*	cpe:2.3:a:jordan_de_laune:mp3_player::::::::
jordan_de_laune	mp3_player	6.x-1.0	cpe:2.3:a:jordan_de_laune:mp3_player:6.x-1.0:::::::*
jordan_de_laune	mp3_player	6.x-1.0	cpe:2.3:a:jordan_de_laune:mp3_player:6.x-1.0:beta1::::::
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

www.securityfocus.com/bid/59276

drupal.org/node/1972804

exchange.xforce.ibmcloud.com/vulnerabilities/83649

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

Related for NVD:CVE-2013-1971

prion1 drupal1 cve1 cvelist1