Lucene search

MitreCVE-2014-8743

HistoryOct 13, 2014 - 6:55 p.m.

CVE-2014-8743

2014-10-1318:55:02

CWE-79

mitre

web.nvd.nist.gov

cve-2014-8743

cross-site scripting

xss

drupal

maestro module

remote authenticated users

web script

html

vulnerabilities

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.

Affected configurations

Nvd

Node

drupalmaestroMatch7.x-1.0

drupalmaestroMatch7.x-1.0alpha1

drupalmaestroMatch7.x-1.0alpha2

drupalmaestroMatch7.x-1.0alpha3

drupalmaestroMatch7.x-1.0rc1

drupalmaestroMatch7.x-1.1

drupalmaestroMatch7.x-1.2

drupalmaestroMatch7.x-1.3

drupalmaestroMatch7.x-1.x-dev

VendorProductVersionCPE
drupalmaestro7.x-1.0cpe:2.3:a:drupal:maestro:7.x-1.0:*:*:*:*:*:*:*
drupalmaestro7.x-1.0cpe:2.3:a:drupal:maestro:7.x-1.0:alpha1:*:*:*:*:*:*
drupalmaestro7.x-1.0cpe:2.3:a:drupal:maestro:7.x-1.0:alpha2:*:*:*:*:*:*
drupalmaestro7.x-1.0cpe:2.3:a:drupal:maestro:7.x-1.0:alpha3:*:*:*:*:*:*
drupalmaestro7.x-1.0cpe:2.3:a:drupal:maestro:7.x-1.0:rc1:*:*:*:*:*:*
drupalmaestro7.x-1.1cpe:2.3:a:drupal:maestro:7.x-1.1:*:*:*:*:*:*:*
drupalmaestro7.x-1.2cpe:2.3:a:drupal:maestro:7.x-1.2:*:*:*:*:*:*:*
drupalmaestro7.x-1.3cpe:2.3:a:drupal:maestro:7.x-1.3:*:*:*:*:*:*:*
drupalmaestro7.x-1.x-devcpe:2.3:a:drupal:maestro:7.x-1.x-dev:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	maestro	7.x-1.0	cpe:2.3:a:drupal:maestro:7.x-1.0:::::::*
drupal	maestro	7.x-1.0	cpe:2.3:a:drupal:maestro:7.x-1.0:alpha1::::::
drupal	maestro	7.x-1.0	cpe:2.3:a:drupal:maestro:7.x-1.0:alpha2::::::
drupal	maestro	7.x-1.0	cpe:2.3:a:drupal:maestro:7.x-1.0:alpha3::::::
drupal	maestro	7.x-1.0	cpe:2.3:a:drupal:maestro:7.x-1.0:rc1::::::
drupal	maestro	7.x-1.1	cpe:2.3:a:drupal:maestro:7.x-1.1:::::::*
drupal	maestro	7.x-1.2	cpe:2.3:a:drupal:maestro:7.x-1.2:::::::*
drupal	maestro	7.x-1.3	cpe:2.3:a:drupal:maestro:7.x-1.3:::::::*
drupal	maestro	7.x-1.x-dev	cpe:2.3:a:drupal:maestro:7.x-1.x-dev:::::::*

References

secunia.com/advisories/56790

www.securityfocus.com/bid/65677

drupal.org/node/2200453

exchange.xforce.ibmcloud.com/vulnerabilities/91274

www.drupal.org/node/2013653

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Related for CVE-2014-8743