Cross site scripting

2012-09-2000:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.

CPENameOperatorVersion
password_policyeq<= 6.x-1.3
password_policyeq5.x-1.0 alpha1
password_policyeq5.x-1.x dev
password_policyeq6.120.10
password_policyeq6.x-1.0 alpha3
password_policyeq6.x-1.0 alpha2
password_policyeq6.x-1.0 beta1
password_policyeq6.x-1.0 alpha1
password_policyeq6.x-1.0 alpha4
password_policyeq6.120.11

Name	Operator	Version
password_policy	eq	<= 6.x-1.3
password_policy	eq	5.x-1.0 alpha1
password_policy	eq	5.x-1.x dev
password_policy	eq	6.120.10
password_policy	eq	6.x-1.0 alpha3
password_policy	eq	6.x-1.0 alpha2
password_policy	eq	6.x-1.0 beta1
password_policy	eq	6.x-1.0 alpha1
password_policy	eq	6.x-1.0 alpha4
password_policy	eq	6.120.11