Lucene search

[email protected]CVE-2013-2129

HistoryJun 24, 2013 - 4:55 p.m.

CVE-2013-2129

2013-06-2416:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-2129

cross-site scripting

xss vulnerability

webform module

drupal

remote authenticated users

arbitrary web script

html

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the “edit own webform content” or “edit all webform content” permissions to inject arbitrary web script or HTML via a component label.

Affected configurations

NVD

Node

nathan_haugwebformRange≤6.x-3.18

nathan_haugwebformMatch6.x-3.0

nathan_haugwebformMatch6.x-3.0beta1

nathan_haugwebformMatch6.x-3.0beta2

nathan_haugwebformMatch6.x-3.0beta3

nathan_haugwebformMatch6.x-3.0beta4

nathan_haugwebformMatch6.x-3.0beta5

nathan_haugwebformMatch6.x-3.0beta6

nathan_haugwebformMatch6.x-3.1

nathan_haugwebformMatch6.x-3.2

nathan_haugwebformMatch6.x-3.3

nathan_haugwebformMatch6.x-3.4

nathan_haugwebformMatch6.x-3.5

nathan_haugwebformMatch6.x-3.6

nathan_haugwebformMatch6.x-3.7

nathan_haugwebformMatch6.x-3.8

nathan_haugwebformMatch6.x-3.9

nathan_haugwebformMatch6.x-3.10

nathan_haugwebformMatch6.x-3.11

nathan_haugwebformMatch6.x-3.12

nathan_haugwebformMatch6.x-3.13

nathan_haugwebformMatch6.x-3.14

nathan_haugwebformMatch6.x-3.15

nathan_haugwebformMatch6.x-3.16

nathan_haugwebformMatch6.x-3.17

nathan_haugwebformMatch6.x-3.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
nathan_haug:webformnathan haug webformle6.x-3.18
nathan_haug:webformnathan haug webformeq6.x-3.0
nathan_haug:webformnathan haug webformeq6.x-3.1
nathan_haug:webformnathan haug webformeq6.x-3.2
nathan_haug:webformnathan haug webformeq6.x-3.3
nathan_haug:webformnathan haug webformeq6.x-3.4
nathan_haug:webformnathan haug webformeq6.x-3.5
nathan_haug:webformnathan haug webformeq6.x-3.6
nathan_haug:webformnathan haug webformeq6.x-3.7
nathan_haug:webformnathan haug webformeq6.x-3.8

CPE	Name	Operator	Version
nathan_haug:webform	nathan haug webform	le	6.x-3.18
nathan_haug:webform	nathan haug webform	eq	6.x-3.0
nathan_haug:webform	nathan haug webform	eq	6.x-3.1
nathan_haug:webform	nathan haug webform	eq	6.x-3.2
nathan_haug:webform	nathan haug webform	eq	6.x-3.3
nathan_haug:webform	nathan haug webform	eq	6.x-3.4
nathan_haug:webform	nathan haug webform	eq	6.x-3.5
nathan_haug:webform	nathan haug webform	eq	6.x-3.6
nathan_haug:webform	nathan haug webform	eq	6.x-3.7
nathan_haug:webform	nathan haug webform	eq	6.x-3.8

Rows per page:

1-10 of 201

References

osvdb.org/93749

secunia.com/advisories/53184

www.securityfocus.com/bid/60218

drupal.org/node/2007390

drupal.org/node/2007460

exchange.xforce.ibmcloud.com/vulnerabilities/84628

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2013-2129

cvelist1 prion1 drupal1 nvd1