CVE-2013-4138

2022-10-0316:14:58

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-4138

cross-site scripting

xss

hatch theme

drupal

nvd

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the “Administer content,” “Create new article,” or “Edit any article type content” permission to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

alienwphatchMatch7.x-1.0

alienwphatchMatch7.x-1.1

alienwphatchMatch7.x-1.2

alienwphatchMatch7.x-1.3

alienwphatchMatch7.x-1.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
alienwp:hatchalienwp hatcheq7.x-1.0
alienwp:hatchalienwp hatcheq7.x-1.1
alienwp:hatchalienwp hatcheq7.x-1.2
alienwp:hatchalienwp hatcheq7.x-1.3
alienwp:hatchalienwp hatcheq7.x-1.x

CPE	Name	Operator	Version
alienwp:hatch	alienwp hatch	eq	7.x-1.0
alienwp:hatch	alienwp hatch	eq	7.x-1.1
alienwp:hatch	alienwp hatch	eq	7.x-1.2
alienwp:hatch	alienwp hatch	eq	7.x-1.3
alienwp:hatch	alienwp hatch	eq	7.x-1.x