Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-5964
cve-2013-5964
cross-site scripting
xss
vulnerability
flag module
drupal
administration page
nvd
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.6%
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the “Administer flags” permission to inject arbitrary web script or HTML via the flag title.
Affected configurations
Node
joachim_noreikoflag_moduleMatch7.x-3.0
ORjoachim_noreikoflag_moduleMatch7.x-3.0beta1
ORjoachim_noreikoflag_moduleMatch7.x-3.0rc1
drupaldrupalMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| joachim_noreiko:flag_module | joachim noreiko flag module | eq | 7.x-3.0 |
Related
nvd
nvd
CVE-2013-5964
2013-09-30 21:55:07
CVE-2013-4336
2014-04-27 22:55:05
prion
prion
Cross site scripting
2013-09-30 21:55:00
Design/Logic Flaw
2014-04-27 22:55:00
cvelist
cvelist
CVE-2013-5964
2022-10-03 16:14:55
cve
cve
CVE-2013-4336
2014-04-27 22:55:05
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.6%
Related for CVE-2013-5964