Lucene search

[email protected]CVE-2015-3390

HistoryApr 21, 2015 - 6:59 p.m.

CVE-2015-3390

2015-04-2118:59:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-3390

cross-site scripting

xss

vulnerability

facebook album fetcher

drupal

nvd

access administration pages permission

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the “access administration pages” permission to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

facebook_album_fetcher_projectfacebook_album_fetcherMatch7.x-1.x-devdrupal

CPENameOperatorVersion
facebook_album_fetcher_project:facebook_album_fetcherfacebook album fetcher project facebook album fetchereq7.x-1.x-dev

CPE	Name	Operator	Version
facebook_album_fetcher_project:facebook_album_fetcher	facebook album fetcher project facebook album fetcher	eq	7.x-1.x-dev

References

www.openwall.com/lists/oss-security/2015/02/05/16

www.securityfocus.com/bid/72570

exchange.xforce.ibmcloud.com/vulnerabilities/100655

www.drupal.org/node/2420161

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for CVE-2015-3390

prion1 drupal1 cvelist1 nvd1 kaspersky1