Lucene search

[email protected]CVE-2015-4365

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4365

2015-06-1514:59:21

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-4365

cross-site scripting

xss

taxonomy accordion

drupal

nvd

security vulnerability.

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.

Affected configurations

NVD

Node

taxonomy_accordion_projecttaxonomy_accordiondrupal

CPENameOperatorVersion
taxonomy_accordion_project:taxonomy_accordiontaxonomy accordion project taxonomy accordioneq*

CPE	Name	Operator	Version
taxonomy_accordion_project:taxonomy_accordion	taxonomy accordion project taxonomy accordion	eq	*

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/72952

www.drupal.org/node/2445973

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Related for CVE-2015-4365

prion1 cvelist1 nvd1 drupal1