Lucene search

[email protected]CVE-2014-9740

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9740

2022-10-0316:20:40

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-9740

cross-site scripting

xss

drupal

rules link

nvd

security vulnerability

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the “administer rules links” permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.

Affected configurations

NVD

Node

rules_link_projectrules_linkMatch7.x-1.0drupal

rules_link_projectrules_linkMatch7.x-1.0beta1drupal

rules_link_projectrules_linkMatch7.x-1.0beta2drupal

rules_link_projectrules_linkMatch7.x-1.0beta3drupal

rules_link_projectrules_linkMatch7.x-1.0beta4drupal

rules_link_projectrules_linkMatch7.x-1.0beta5drupal

CPENameOperatorVersion
rules_link_project:rules_linkrules link project rules linkeq7.x-1.0

CPE	Name	Operator	Version
rules_link_project:rules_link	rules link project rules link	eq	7.x-1.0

References

www.securityfocus.com/bid/69447

www.drupal.org/node/2328549

www.drupal.org/node/2328567

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

Related for CVE-2014-9740

prion1 drupal1 cvelist1 nvd1