Lucene search

[email protected]CVE-2014-5456

HistoryAug 25, 2014 - 4:55 p.m.

CVE-2014-5456

2014-08-2516:55:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-5456

cross-site scripting

xss

vulnerability

social stats module

drupal

nvd

configuration

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

JSON

Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the “[Content Type]: Create new content” permission to inject arbitrary web script or HTML via vectors related to the configuration.

Affected configurations

NVD

Node

social_stats_projectsocial_statsRange≤7.x-1.4drupal

social_stats_projectsocial_statsMatch7.x-1.0drupal

social_stats_projectsocial_statsMatch7.x-1.1drupal

social_stats_projectsocial_statsMatch7.x-1.2drupal

social_stats_projectsocial_statsMatch7.x-1.3drupal

social_stats_projectsocial_statsMatch7.x-1.xdevdrupal

CPENameOperatorVersion
social_stats_project:social_statssocial stats project social statsle7.x-1.4
social_stats_project:social_statssocial stats project social statseq7.x-1.0
social_stats_project:social_statssocial stats project social statseq7.x-1.1
social_stats_project:social_statssocial stats project social statseq7.x-1.2
social_stats_project:social_statssocial stats project social statseq7.x-1.3
social_stats_project:social_statssocial stats project social statseq7.x-1.x

CPE	Name	Operator	Version
social_stats_project:social_stats	social stats project social stats	le	7.x-1.4
social_stats_project:social_stats	social stats project social stats	eq	7.x-1.0
social_stats_project:social_stats	social stats project social stats	eq	7.x-1.1
social_stats_project:social_stats	social stats project social stats	eq	7.x-1.2
social_stats_project:social_stats	social stats project social stats	eq	7.x-1.3
social_stats_project:social_stats	social stats project social stats	eq	7.x-1.x

References

secunia.com/advisories/60759

www.securityfocus.com/bid/69346

www.drupal.org/node/2323983

www.drupal.org/node/2324681

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

JSON

Related for CVE-2014-5456

nvd1 drupal1 prion1 cvelist1