Lucene search

RedhatCVE-2013-2129

HistoryJun 24, 2013 - 4:55 p.m.

CVE-2013-2129

2013-06-2416:55:01

CWE-79

redhat

web.nvd.nist.gov

cve-2013-2129

cross-site scripting

xss vulnerability

webform module

drupal

remote authenticated users

arbitrary web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

65.7%

JSON

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the “edit own webform content” or “edit all webform content” permissions to inject arbitrary web script or HTML via a component label.

Affected configurations

Nvd

Node

nathan_haugwebformRange≤6.x-3.18

nathan_haugwebformMatch6.x-3.0

nathan_haugwebformMatch6.x-3.0beta1

nathan_haugwebformMatch6.x-3.0beta2

nathan_haugwebformMatch6.x-3.0beta3

nathan_haugwebformMatch6.x-3.0beta4

nathan_haugwebformMatch6.x-3.0beta5

nathan_haugwebformMatch6.x-3.0beta6

nathan_haugwebformMatch6.x-3.1

nathan_haugwebformMatch6.x-3.2

nathan_haugwebformMatch6.x-3.3

nathan_haugwebformMatch6.x-3.4

nathan_haugwebformMatch6.x-3.5

nathan_haugwebformMatch6.x-3.6

nathan_haugwebformMatch6.x-3.7

nathan_haugwebformMatch6.x-3.8

nathan_haugwebformMatch6.x-3.9

nathan_haugwebformMatch6.x-3.10

nathan_haugwebformMatch6.x-3.11

nathan_haugwebformMatch6.x-3.12

nathan_haugwebformMatch6.x-3.13

nathan_haugwebformMatch6.x-3.14

nathan_haugwebformMatch6.x-3.15

nathan_haugwebformMatch6.x-3.16

nathan_haugwebformMatch6.x-3.17

nathan_haugwebformMatch6.x-3.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
nathan_haugwebform*cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:*:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta1:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta2:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta3:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta4:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta5:*:*:*:*:*:*
nathan_haugwebform6.x-3.0cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta6:*:*:*:*:*:*
nathan_haugwebform6.x-3.1cpe:2.3:a:nathan_haug:webform:6.x-3.1:*:*:*:*:*:*:*
nathan_haugwebform6.x-3.2cpe:2.3:a:nathan_haug:webform:6.x-3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nathan_haug	webform	*	cpe:2.3:a:nathan_haug:webform::::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:::::::*
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta1::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta2::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta3::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta4::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta5::::::
nathan_haug	webform	6.x-3.0	cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta6::::::
nathan_haug	webform	6.x-3.1	cpe:2.3:a:nathan_haug:webform:6.x-3.1:::::::*
nathan_haug	webform	6.x-3.2	cpe:2.3:a:nathan_haug:webform:6.x-3.2:::::::*

Rows per page:

1-10 of 271

References

osvdb.org/93749

secunia.com/advisories/53184

www.securityfocus.com/bid/60218

drupal.org/node/2007390

drupal.org/node/2007460

exchange.xforce.ibmcloud.com/vulnerabilities/84628

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

65.7%

JSON

Related for CVE-2013-2129