Lucene search
HistoryApr 21, 2015 - 4:59 p.m.
CVE-2015-3361
cve-2015-3361
cross-site scripting
xss
linkit module
drupal
remote authenticated users
node title
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.8%
Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.
Affected configurations
Node
linkit_projectlinkitRange7.x-1.0–7.x-2.7drupal
ORlinkit_projectlinkitRange7.x-3.0–7.x-3.3drupal
| CPE | Name | Operator | Version |
|---|---|---|---|
| linkit_project:linkit | linkit project linkit | lt | 7.x-2.7 |
| linkit_project:linkit | linkit project linkit | lt | 7.x-3.3 |
Related
cvelist
cvelist
CVE-2015-3361
2015-04-21 16:00:00
drupal
drupal
SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS)
2015-01-07 00:00:00
prion
prion
Cross site scripting
2015-04-21 16:59:00
nvd
nvd
CVE-2015-3361
2015-04-21 16:59:20
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.8%
Related for CVE-2015-3361