Lucene search

MitreCVE-2014-8744

HistoryOct 13, 2014 - 6:55 p.m.

CVE-2014-8744

2014-10-1318:55:02

CWE-79

mitre

web.nvd.nist.gov

cve-2014-8744

cross-site scripting

xss

nivo slider

drupal

security vulnerability

administer nivo slider permission

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the “administer nivo slider” permission to inject arbitrary web script or HTML via an image title.

Affected configurations

Nvd

Node

drupalnivo_sliderMatch7.x-1.0

drupalnivo_sliderMatch7.x-1.1

drupalnivo_sliderMatch7.x-1.2

drupalnivo_sliderMatch7.x-1.3

drupalnivo_sliderMatch7.x-1.4

drupalnivo_sliderMatch7.x-1.5

drupalnivo_sliderMatch7.x-1.6

drupalnivo_sliderMatch7.x-1.7

drupalnivo_sliderMatch7.x-1.8

drupalnivo_sliderMatch7.x-1.9

drupalnivo_sliderMatch7.x-1.10

VendorProductVersionCPE
drupalnivo_slider7.x-1.0cpe:2.3:a:drupal:nivo_slider:7.x-1.0:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.1cpe:2.3:a:drupal:nivo_slider:7.x-1.1:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.2cpe:2.3:a:drupal:nivo_slider:7.x-1.2:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.3cpe:2.3:a:drupal:nivo_slider:7.x-1.3:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.4cpe:2.3:a:drupal:nivo_slider:7.x-1.4:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.5cpe:2.3:a:drupal:nivo_slider:7.x-1.5:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.6cpe:2.3:a:drupal:nivo_slider:7.x-1.6:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.7cpe:2.3:a:drupal:nivo_slider:7.x-1.7:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.8cpe:2.3:a:drupal:nivo_slider:7.x-1.8:*:*:*:*:*:*:*
drupalnivo_slider7.x-1.9cpe:2.3:a:drupal:nivo_slider:7.x-1.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	nivo_slider	7.x-1.0	cpe:2.3:a:drupal:nivo_slider:7.x-1.0:::::::*
drupal	nivo_slider	7.x-1.1	cpe:2.3:a:drupal:nivo_slider:7.x-1.1:::::::*
drupal	nivo_slider	7.x-1.2	cpe:2.3:a:drupal:nivo_slider:7.x-1.2:::::::*
drupal	nivo_slider	7.x-1.3	cpe:2.3:a:drupal:nivo_slider:7.x-1.3:::::::*
drupal	nivo_slider	7.x-1.4	cpe:2.3:a:drupal:nivo_slider:7.x-1.4:::::::*
drupal	nivo_slider	7.x-1.5	cpe:2.3:a:drupal:nivo_slider:7.x-1.5:::::::*
drupal	nivo_slider	7.x-1.6	cpe:2.3:a:drupal:nivo_slider:7.x-1.6:::::::*
drupal	nivo_slider	7.x-1.7	cpe:2.3:a:drupal:nivo_slider:7.x-1.7:::::::*
drupal	nivo_slider	7.x-1.8	cpe:2.3:a:drupal:nivo_slider:7.x-1.8:::::::*
drupal	nivo_slider	7.x-1.9	cpe:2.3:a:drupal:nivo_slider:7.x-1.9:::::::*

Rows per page:

1-10 of 111

References

secunia.com/advisories/57459

www.securityfocus.com/bid/66327

exchange.xforce.ibmcloud.com/vulnerabilities/92009

www.drupal.org/node/2220545

www.drupal.org/node/2221481

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Related for CVE-2014-8744