Lucene search
HistoryMay 20, 2014 - 2:55 p.m.
CVE-2013-4380
cve-2013-4380
cross-site scripting
xss
mediafront module
drupal
web script
html
preset settings
5.5 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the “administer mediafront” permission to inject arbitrary web script or HTML via the preset settings.
CPE configuration
mediafrontmediafrontMatch6.x-1.0
ORmediafrontmediafrontMatch6.x-1.0beta1
ORmediafrontmediafrontMatch6.x-1.0beta2
ORmediafrontmediafrontMatch6.x-1.0beta4
ORmediafrontmediafrontMatch6.x-1.0beta5
ORmediafrontmediafrontMatch6.x-1.0rc1
ORmediafrontmediafrontMatch6.x-1.0rc2
ORmediafrontmediafrontMatch6.x-1.0rc3
ORmediafrontmediafrontMatch6.x-1.0rc4
ORmediafrontmediafrontMatch6.x-1.0rc5
ORmediafrontmediafrontMatch6.x-1.0rc6
ORmediafrontmediafrontMatch6.x-1.0rc7
ORmediafrontmediafrontMatch6.x-1.0rc8
ORmediafrontmediafrontMatch6.x-1.0rc9
ORmediafrontmediafrontMatch6.x-1.1
ORmediafrontmediafrontMatch6.x-1.2
ORmediafrontmediafrontMatch6.x-1.3
ORmediafrontmediafrontMatch6.x-1.5
ORmediafrontmediafrontMatch6.x-1.xdev
drupaldrupalMatch-
Related
prion
prion
Cross site scripting
2014-05-20 14:55:00
drupal
drupal
SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)
2013-09-11 00:00:00
cvelist
cvelist
CVE-2013-4380
2014-05-20 14:00:00
nvd
nvd
NVD:CVE-2013-4380
2014-05-20 14:55:04
5.5 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
Related for CVE-2013-4380