Cross site scripting

2013-03-1914:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the “administer user relationships” permission to inject arbitrary web script or HTML via a relationship name.

CPENameOperatorVersion
user_relationshipseq6.x-1.0 rc5
user_relationshipseq6.x-1.0 rc4
user_relationshipseq6.x-1.0 rc6
user_relationshipseq6.x-1.0 beta8
user_relationshipseq6.x-1.0 beta1
user_relationshipseq6.x-1.0 beta4
user_relationshipseq6.x-1.0 rc1
user_relationshipseq6.x-1.0 beta3
user_relationshipseq6.x-1.0 beta10
user_relationshipseq6.x-1.0 beta6

Name	Operator	Version
user_relationships	eq	6.x-1.0 rc5
user_relationships	eq	6.x-1.0 rc4
user_relationships	eq	6.x-1.0 rc6
user_relationships	eq	6.x-1.0 beta8
user_relationships	eq	6.x-1.0 beta1
user_relationships	eq	6.x-1.0 beta4
user_relationships	eq	6.x-1.0 rc1
user_relationships	eq	6.x-1.0 beta3
user_relationships	eq	6.x-1.0 beta10
user_relationships	eq	6.x-1.0 beta6