Lucene search

MitreCVE-2014-4303

HistoryJun 18, 2014 - 2:55 p.m.

CVE-2014-4303

2014-06-1814:55:13

CWE-79

mitre

web.nvd.nist.gov

cve-2014-4303

cross-site scripting

xss

touch theme

drupal

administer themes permission

twitter

facebook

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

42.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter and (2) Facebook username settings.

Affected configurations

Nvd

Node

drupactouchMatch7.x-1.0drupal

drupactouchMatch7.x-1.1drupal

drupactouchMatch7.x-1.2drupal

drupactouchMatch7.x-1.3drupal

drupactouchMatch7.x-1.4drupal

drupactouchMatch7.x-1.5drupal

drupactouchMatch7.x-1.6drupal

drupactouchMatch7.x-1.7drupal

drupactouchMatch7.x-1.8drupal

VendorProductVersionCPE
drupactouch7.x-1.0cpe:2.3:a:drupac:touch:7.x-1.0:*:*:*:*:drupal:*:*
drupactouch7.x-1.1cpe:2.3:a:drupac:touch:7.x-1.1:*:*:*:*:drupal:*:*
drupactouch7.x-1.2cpe:2.3:a:drupac:touch:7.x-1.2:*:*:*:*:drupal:*:*
drupactouch7.x-1.3cpe:2.3:a:drupac:touch:7.x-1.3:*:*:*:*:drupal:*:*
drupactouch7.x-1.4cpe:2.3:a:drupac:touch:7.x-1.4:*:*:*:*:drupal:*:*
drupactouch7.x-1.5cpe:2.3:a:drupac:touch:7.x-1.5:*:*:*:*:drupal:*:*
drupactouch7.x-1.6cpe:2.3:a:drupac:touch:7.x-1.6:*:*:*:*:drupal:*:*
drupactouch7.x-1.7cpe:2.3:a:drupac:touch:7.x-1.7:*:*:*:*:drupal:*:*
drupactouch7.x-1.8cpe:2.3:a:drupac:touch:7.x-1.8:*:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
drupac	touch	7.x-1.0	cpe:2.3:a:drupac:touch:7.x-1.0:::::drupal::
drupac	touch	7.x-1.1	cpe:2.3:a:drupac:touch:7.x-1.1:::::drupal::
drupac	touch	7.x-1.2	cpe:2.3:a:drupac:touch:7.x-1.2:::::drupal::
drupac	touch	7.x-1.3	cpe:2.3:a:drupac:touch:7.x-1.3:::::drupal::
drupac	touch	7.x-1.4	cpe:2.3:a:drupac:touch:7.x-1.4:::::drupal::
drupac	touch	7.x-1.5	cpe:2.3:a:drupac:touch:7.x-1.5:::::drupal::
drupac	touch	7.x-1.6	cpe:2.3:a:drupac:touch:7.x-1.6:::::drupal::
drupac	touch	7.x-1.7	cpe:2.3:a:drupac:touch:7.x-1.7:::::drupal::
drupac	touch	7.x-1.8	cpe:2.3:a:drupac:touch:7.x-1.8:::::drupal::

References

secunia.com/advisories/58828

www.securityfocus.com/bid/68045

drupal.org/node/2269483

drupal.org/node/2284415

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

42.9%

JSON

Related for CVE-2014-4303