Lucene search

[email protected]CVE-2015-4381

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4381

2015-06-1514:59:37

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-4381

cross-site scripting

xss

vulnerability

drupal

invoice module

nvd

security

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the “Administer own invoices” permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the “Invoice” content type.

Affected configurations

NVD

Node

invoice_projectinvoiceMatch6.x-1.1drupal

invoice_projectinvoiceMatch7.x-1.x-devdrupal

CPENameOperatorVersion
invoice_project:invoiceinvoice project invoiceeq6.x-1.1
invoice_project:invoiceinvoice project invoiceeq7.x-1.x-dev

CPE	Name	Operator	Version
invoice_project:invoice	invoice project invoice	eq	6.x-1.1
invoice_project:invoice	invoice project invoice	eq	7.x-1.x-dev

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/74345

www.drupal.org/node/2459337

www.drupal.org/node/2474135

www.drupal.org/node/2474139

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for CVE-2015-4381

prion1 cvelist1 nvd1 drupal1