Lucene search

[email protected]CVE-2015-3344

HistoryApr 21, 2015 - 4:59 p.m.

CVE-2015-3344

2015-04-2116:59:04

CWE-79

[email protected]

web.nvd.nist.gov

cve

2015

3344

cross-site scripting

xss

vulnerability

course module

drupal

remote authenticated users

web script

html

node title

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Affected configurations

NVD

Node

dlc_solutionscourseMatch6.x-1.0-alpha1drupal

dlc_solutionscourseMatch6.x-1.0-rc1drupal

dlc_solutionscourseMatch6.x-1.0-rc2drupal

dlc_solutionscourseMatch6.x-1.0-rc3drupal

dlc_solutionscourseMatch6.x-1.0-rc4drupal

dlc_solutionscourseMatch6.x-1.0-rc5drupal

dlc_solutionscourseMatch6.x-1.0-rc6drupal

dlc_solutionscourseMatch6.x-1.0-rc7drupal

dlc_solutionscourseMatch6.x-1.0-rc8drupal

dlc_solutionscourseMatch6.x-1.0-rc9drupal

dlc_solutionscourseMatch6.x-1.0-rc10drupal

dlc_solutionscourseMatch6.x-1.1drupal

dlc_solutionscourseMatch6.x-1.x-devdrupal

dlc_solutionscourseMatch7.x-1.0drupal

dlc_solutionscourseMatch7.x-1.0-alpha1drupal

dlc_solutionscourseMatch7.x-1.0-alpha2drupal

dlc_solutionscourseMatch7.x-1.0-alpha3drupal

dlc_solutionscourseMatch7.x-1.0-beta1drupal

dlc_solutionscourseMatch7.x-1.0-beta2drupal

dlc_solutionscourseMatch7.x-1.0-beta3drupal

dlc_solutionscourseMatch7.x-1.0-rc1drupal

dlc_solutionscourseMatch7.x-1.0-rc2drupal

dlc_solutionscourseMatch7.x-1.0-rc3drupal

dlc_solutionscourseMatch7.x-1.0-rc4drupal

dlc_solutionscourseMatch7.x-1.1drupal

dlc_solutionscourseMatch7.x-1.2drupal

dlc_solutionscourseMatch7.x-1.3drupal

dlc_solutionscourseMatch7.x-1.x-devdrupal

CPENameOperatorVersion
dlc_solutions:coursedlc solutions courseeq6.x-1.0-alpha1
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc1
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc2
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc3
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc4
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc5
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc6
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc7
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc8
dlc_solutions:coursedlc solutions courseeq6.x-1.0-rc9

CPE	Name	Operator	Version
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-alpha1
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc1
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc2
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc3
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc4
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc5
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc6
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc7
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc8
dlc_solutions:course	dlc solutions course	eq	6.x-1.0-rc9

Rows per page:

1-10 of 281

References

www.openwall.com/lists/oss-security/2015/01/29/6

www.securityfocus.com/bid/72631

www.drupal.org/node/2403305

www.drupal.org/node/2403309

www.drupal.org/node/2403333

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for CVE-2015-3344

cvelist1 prion1 nvd1 drupal1