Lucene search

K
cve[email protected]CVE-2013-4138
HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-4138

2022-10-0316:14:58
CWE-79
web.nvd.nist.gov
16
cve-2013-4138
cross-site scripting
xss
hatch theme
drupal
nvd

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the “Administer content,” “Create new article,” or “Edit any article type content” permission to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD
Node
alienwphatchMatch7.x-1.0
OR
alienwphatchMatch7.x-1.1
OR
alienwphatchMatch7.x-1.2
OR
alienwphatchMatch7.x-1.3
OR
alienwphatchMatch7.x-1.xdev
AND
drupaldrupalMatch-

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

Related for CVE-2013-4138