Lucene search

[email protected]CVE-2014-8318

HistoryOct 17, 2014 - 2:55 p.m.

CVE-2014-8318

2014-10-1714:55:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8318

cross-site scripting

xss

drupal

webform

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

JSON

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key.

Affected configurations

NVD

Node

webform_projectwebformMatch6.x-3.0drupal

webform_projectwebformMatch6.x-3.1drupal

webform_projectwebformMatch6.x-3.2drupal

webform_projectwebformMatch6.x-3.3drupal

webform_projectwebformMatch6.x-3.4drupal

webform_projectwebformMatch6.x-3.5drupal

webform_projectwebformMatch6.x-3.6drupal

webform_projectwebformMatch6.x-3.7drupal

webform_projectwebformMatch6.x-3.8drupal

webform_projectwebformMatch6.x-3.9drupal

webform_projectwebformMatch6.x-3.10drupal

webform_projectwebformMatch6.x-3.11drupal

webform_projectwebformMatch6.x-3.12drupal

webform_projectwebformMatch6.x-3.13drupal

webform_projectwebformMatch6.x-3.14drupal

webform_projectwebformMatch6.x-3.15drupal

webform_projectwebformMatch6.x-3.16drupal

webform_projectwebformMatch6.x-3.17drupal

webform_projectwebformMatch6.x-3.18drupal

webform_projectwebformMatch6.x-3.19drupal

webform_projectwebformMatch7.x-3.0drupal

webform_projectwebformMatch7.x-3.1drupal

webform_projectwebformMatch7.x-3.2drupal

webform_projectwebformMatch7.x-3.3drupal

webform_projectwebformMatch7.x-3.4drupal

webform_projectwebformMatch7.x-3.5drupal

webform_projectwebformMatch7.x-3.6drupal

webform_projectwebformMatch7.x-3.7drupal

webform_projectwebformMatch7.x-3.8drupal

webform_projectwebformMatch7.x-3.9drupal

webform_projectwebformMatch7.x-3.10drupal

webform_projectwebformMatch7.x-3.11drupal

webform_projectwebformMatch7.x-3.12drupal

webform_projectwebformMatch7.x-3.13drupal

webform_projectwebformMatch7.x-3.14drupal

webform_projectwebformMatch7.x-3.15drupal

webform_projectwebformMatch7.x-3.16drupal

webform_projectwebformMatch7.x-3.17drupal

webform_projectwebformMatch7.x-3.18drupal

webform_projectwebformMatch7.x-3.19drupal

webform_projectwebformMatch7.x-4.0drupal

CPENameOperatorVersion
webform_project:webformwebform project webformeq6.x-3.0
webform_project:webformwebform project webformeq6.x-3.1
webform_project:webformwebform project webformeq6.x-3.2
webform_project:webformwebform project webformeq6.x-3.3
webform_project:webformwebform project webformeq6.x-3.4
webform_project:webformwebform project webformeq6.x-3.5
webform_project:webformwebform project webformeq6.x-3.6
webform_project:webformwebform project webformeq6.x-3.7
webform_project:webformwebform project webformeq6.x-3.8
webform_project:webformwebform project webformeq6.x-3.9

CPE	Name	Operator	Version
webform_project:webform	webform project webform	eq	6.x-3.0
webform_project:webform	webform project webform	eq	6.x-3.1
webform_project:webform	webform project webform	eq	6.x-3.2
webform_project:webform	webform project webform	eq	6.x-3.3
webform_project:webform	webform project webform	eq	6.x-3.4
webform_project:webform	webform project webform	eq	6.x-3.5
webform_project:webform	webform project webform	eq	6.x-3.6
webform_project:webform	webform project webform	eq	6.x-3.7
webform_project:webform	webform project webform	eq	6.x-3.8
webform_project:webform	webform project webform	eq	6.x-3.9

Rows per page:

1-10 of 411

References

osvdb.org/103262

secunia.com/advisories/56860

www.securityfocus.com/bid/65528

drupal.org/node/2194671

exchange.xforce.ibmcloud.com/vulnerabilities/91156

www.drupal.org/node/2194175

www.drupal.org/node/2194181

www.drupal.org/node/2194183

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for CVE-2014-8318

cvelist1 drupal1 prion1 nvd1