CVE-2014-1611

2014-01-3018:00:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

JSON

Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.

References

osvdb.org/102126

packetstormsecurity.com/files/124803/Drupal-Anonymous-Posting-7.x-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Jan/77

secunia.com/advisories/56476

drupal.org/node/2173321

drupal.org/node/2173437

exchange.xforce.ibmcloud.com/vulnerabilities/90526