Lucene search

[email protected]CVE-2016-7571

HistoryOct 03, 2016 - 6:59 p.m.

CVE-2016-7571

2016-10-0318:59:16

CWE-79

[email protected]

web.nvd.nist.gov

cve

2016

7571

cross-site scripting

xss

vulnerability

drupal 8.x

remote attackers

http exception

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

49.2%

JSON

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.

Affected configurations

NVD

Node

drupaldrupalMatch8.0.0

drupaldrupalMatch8.0.0alpha10

drupaldrupalMatch8.0.0alpha11

drupaldrupalMatch8.0.0alpha12

drupaldrupalMatch8.0.0alpha13

drupaldrupalMatch8.0.0alpha14

drupaldrupalMatch8.0.0alpha15

drupaldrupalMatch8.0.0alpha2

drupaldrupalMatch8.0.0alpha3

drupaldrupalMatch8.0.0alpha4

drupaldrupalMatch8.0.0alpha5

drupaldrupalMatch8.0.0alpha6

drupaldrupalMatch8.0.0alpha7

drupaldrupalMatch8.0.0alpha8

drupaldrupalMatch8.0.0alpha9

drupaldrupalMatch8.0.0beta1

drupaldrupalMatch8.0.0beta10

drupaldrupalMatch8.0.0beta11

drupaldrupalMatch8.0.0beta12

drupaldrupalMatch8.0.0beta13

drupaldrupalMatch8.0.0beta14

drupaldrupalMatch8.0.0beta15

drupaldrupalMatch8.0.0beta16

drupaldrupalMatch8.0.0beta2

drupaldrupalMatch8.0.0beta3

drupaldrupalMatch8.0.0beta4

drupaldrupalMatch8.0.0beta6

drupaldrupalMatch8.0.0beta7

drupaldrupalMatch8.0.0beta9

drupaldrupalMatch8.0.0rc1

drupaldrupalMatch8.0.0rc2

drupaldrupalMatch8.0.0rc3

drupaldrupalMatch8.0.0rc4

drupaldrupalMatch8.0.1

drupaldrupalMatch8.0.2

drupaldrupalMatch8.0.3

drupaldrupalMatch8.0.4

drupaldrupalMatch8.0.5

drupaldrupalMatch8.0.6

drupaldrupalMatch8.1.0

drupaldrupalMatch8.1.0beta1

drupaldrupalMatch8.1.0beta2

drupaldrupalMatch8.1.0rc1

drupaldrupalMatch8.1.1

drupaldrupalMatch8.1.2

drupaldrupalMatch8.1.3

drupaldrupalMatch8.1.4

drupaldrupalMatch8.1.5

drupaldrupalMatch8.1.6

drupaldrupalMatch8.1.7

drupaldrupalMatch8.1.8

drupaldrupalMatch8.1.9

CPENameOperatorVersion
drupal:drupaldrupaleq8.0.0
drupal:drupaldrupaleq8.0.1
drupal:drupaldrupaleq8.0.2
drupal:drupaldrupaleq8.0.3
drupal:drupaldrupaleq8.0.4
drupal:drupaldrupaleq8.0.5
drupal:drupaldrupaleq8.0.6
drupal:drupaldrupaleq8.1.0
drupal:drupaldrupaleq8.1.1
drupal:drupaldrupaleq8.1.2

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	8.0.0
drupal:drupal	drupal	eq	8.0.1
drupal:drupal	drupal	eq	8.0.2
drupal:drupal	drupal	eq	8.0.3
drupal:drupal	drupal	eq	8.0.4
drupal:drupal	drupal	eq	8.0.5
drupal:drupal	drupal	eq	8.0.6
drupal:drupal	drupal	eq	8.1.0
drupal:drupal	drupal	eq	8.1.1
drupal:drupal	drupal	eq	8.1.2