Lucene search

K
cve[email protected]CVE-2014-3933
HistoryJun 02, 2014 - 2:55 p.m.

CVE-2014-3933

2014-06-0214:55:03
CWE-79
web.nvd.nist.gov
26
cve-2014-3933
cross-site scripting
xss
addressfield tokens module
drupal
nvd

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.9%

Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.

Affected configurations

NVD
Node
newsignatureaddressfield_tokensMatch7.x-1.0drupal
OR
newsignatureaddressfield_tokensMatch7.x-1.1drupal
OR
newsignatureaddressfield_tokensMatch7.x-1.2drupal
OR
newsignatureaddressfield_tokensMatch7.x-1.3drupal

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.9%

Related for CVE-2014-3933