Lucene search

[email protected]CVE-2015-5495

HistoryAug 18, 2015 - 5:59 p.m.

CVE-2015-5495

2015-08-1817:59:50

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-5495

cross-site scripting

xss

vulnerability

mobile sliding menu module

drupal

nvd

admin permission

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.6%

JSON

Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the “administer menu” permission to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

mobile_sliding_menu_projectmobile_sliding_menuMatch7.x-2.x-devdrupal

CPENameOperatorVersion
mobile_sliding_menu_project:mobile_sliding_menumobile sliding menu project mobile sliding menueq7.x-2.x-dev

CPE	Name	Operator	Version
mobile_sliding_menu_project:mobile_sliding_menu	mobile sliding menu project mobile sliding menu	eq	7.x-2.x-dev

References

www.openwall.com/lists/oss-security/2015/07/04/4

www.drupal.org/node/2484213

www.drupal.org/node/2484233

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.6%

JSON

Related for CVE-2015-5495

drupal1 nvd1 prion1 cvelist1