Lucene search

[email protected]CVE-2014-8317

HistoryOct 17, 2014 - 2:55 p.m.

CVE-2014-8317

2014-10-1714:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8317

cross-site scripting

xss

vulnerability

webform validation

drupal

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text.

Affected configurations

NVD

Node

webform_validation_projectwebform_validationMatch6.x-1.0drupal

webform_validation_projectwebform_validationMatch6.x-1.1drupal

webform_validation_projectwebform_validationMatch6.x-1.2drupal

webform_validation_projectwebform_validationMatch6.x-1.3drupal

webform_validation_projectwebform_validationMatch6.x-1.4drupal

webform_validation_projectwebform_validationMatch6.x-1.5drupal

webform_validation_projectwebform_validationMatch7.x-1.0drupal

webform_validation_projectwebform_validationMatch7.x-1.1drupal

webform_validation_projectwebform_validationMatch7.x-1.2drupal

webform_validation_projectwebform_validationMatch7.x-1.3drupal

CPENameOperatorVersion
webform_validation_project:webform_validationwebform validation project webform validationeq6.x-1.0
webform_validation_project:webform_validationwebform validation project webform validationeq6.x-1.1
webform_validation_project:webform_validationwebform validation project webform validationeq6.x-1.2
webform_validation_project:webform_validationwebform validation project webform validationeq6.x-1.3
webform_validation_project:webform_validationwebform validation project webform validationeq6.x-1.4
webform_validation_project:webform_validationwebform validation project webform validationeq6.x-1.5
webform_validation_project:webform_validationwebform validation project webform validationeq7.x-1.0
webform_validation_project:webform_validationwebform validation project webform validationeq7.x-1.1
webform_validation_project:webform_validationwebform validation project webform validationeq7.x-1.2
webform_validation_project:webform_validationwebform validation project webform validationeq7.x-1.3

CPE	Name	Operator	Version
webform_validation_project:webform_validation	webform validation project webform validation	eq	6.x-1.0
webform_validation_project:webform_validation	webform validation project webform validation	eq	6.x-1.1
webform_validation_project:webform_validation	webform validation project webform validation	eq	6.x-1.2
webform_validation_project:webform_validation	webform validation project webform validation	eq	6.x-1.3
webform_validation_project:webform_validation	webform validation project webform validation	eq	6.x-1.4
webform_validation_project:webform_validation	webform validation project webform validation	eq	6.x-1.5
webform_validation_project:webform_validation	webform validation project webform validation	eq	7.x-1.0
webform_validation_project:webform_validation	webform validation project webform validation	eq	7.x-1.1
webform_validation_project:webform_validation	webform validation project webform validation	eq	7.x-1.2
webform_validation_project:webform_validation	webform validation project webform validation	eq	7.x-1.3

References

secunia.com/advisories/56882

www.securityfocus.com/bid/65525

drupal.org/node/2194621

exchange.xforce.ibmcloud.com/vulnerabilities/91134

www.drupal.org/node/2194011

www.drupal.org/node/2194013

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for CVE-2014-8317

nvd1 prion1 cvelist1