Lucene search

[email protected]CVE-2013-4174

HistoryAug 19, 2013 - 11:55 p.m.

CVE-2013-4174

2013-08-1923:55:08

CWE-79

[email protected]

web.nvd.nist.gov

cve

2013

4174

xss

vulnerabilities

drupal

scald

module

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.

Affected configurations

NVD

Node

owsscaldMatch7.x-1.0

AND

drupaldrupalMatch-

CPENameOperatorVersion
ows:scaldows scaldeq7.x-1.0

CPE	Name	Operator	Version
ows:scald	ows scald	eq	7.x-1.0

References

drupalcode.org/project/scald.git/commitdiff/32db1ee

osvdb.org/95625

seclists.org/fulldisclosure/2013/Jul/224

secunia.com/advisories/54144

www.securityfocus.com/bid/61426

drupal.org/node/2049251

drupal.org/node/2049415

exchange.xforce.ibmcloud.com/vulnerabilities/85964

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2013-4174

prion2 nvd2 drupal1 cvelist2 cve1