Cross site scripting

2013-08-2315:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

JSON

Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the “administer imagemenu” permission to inject arbitrary web script or HTML via an image file name.

CPENameOperatorVersion
imagemenueq6.x-1.0 rc5
imagemenueq6.x-1.0 rc4
imagemenueq6.x-1.0 rc3
imagemenueq6.x-1.0 rc1
imagemenueq6.120.10
imagemenueq6.x-1.0 rc2
imagemenueq6.120.11
imagemenueq6.120.12
imagemenueq6.120.13
imagemenueq6.x-1.x dev

Name	Operator	Version
imagemenu	eq	6.x-1.0 rc5
imagemenu	eq	6.x-1.0 rc4
imagemenu	eq	6.x-1.0 rc3
imagemenu	eq	6.x-1.0 rc1
imagemenu	eq	6.120.10
imagemenu	eq	6.x-1.0 rc2
imagemenu	eq	6.120.11
imagemenu	eq	6.120.12
imagemenu	eq	6.120.13
imagemenu	eq	6.x-1.x dev