Lucene search

K
cve[email protected]CVE-2014-3933
HistoryJun 02, 2014 - 2:55 p.m.

CVE-2014-3933

2014-06-0214:55:03
CWE-79
web.nvd.nist.gov
26
cve-2014-3933
cross-site scripting
xss
addressfield tokens module
drupal
nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.

Affected configurations

NVD
Node
newsignatureaddressfield_tokensMatch7.x-1.0drupal
OR
newsignatureaddressfield_tokensMatch7.x-1.1drupal
OR
newsignatureaddressfield_tokensMatch7.x-1.2drupal
OR
newsignatureaddressfield_tokensMatch7.x-1.3drupal

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

Related for CVE-2014-3933