Lucene search

[email protected]NVD:CVE-2013-2177

HistoryJun 25, 2013 - 6:55 p.m.

CVE-2013-2177

2013-06-2518:55:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.

Affected configurations

Nvd

Node

kristof_de_jaegerdisplay_suiteMatch7x-1.0

kristof_de_jaegerdisplay_suiteMatch7x-1.0-rc3

kristof_de_jaegerdisplay_suiteMatch7x-1.1

kristof_de_jaegerdisplay_suiteMatch7x-1.2

kristof_de_jaegerdisplay_suiteMatch7x-1.3

kristof_de_jaegerdisplay_suiteMatch7x-1.4

kristof_de_jaegerdisplay_suiteMatch7x-1.5

kristof_de_jaegerdisplay_suiteMatch7x-1.6

kristof_de_jaegerdisplay_suiteMatch7x-2.0

kristof_de_jaegerdisplay_suiteMatch7x-2.0-beta1

kristof_de_jaegerdisplay_suiteMatch7x-2.0-beta2

kristof_de_jaegerdisplay_suiteMatch7x-2.0-beta3

kristof_de_jaegerdisplay_suiteMatch7x-2.0-dev

kristof_de_jaegerdisplay_suiteMatch7x-2.0-rc1

kristof_de_jaegerdisplay_suiteMatch7x-2.1

kristof_de_jaegerdisplay_suiteMatch7x-2.2

AND

drupaldrupalMatch-

VendorProductVersionCPE
kristof_de_jaegerdisplay_suite7x-1.0cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.0:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-1.0-rc3cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.0-rc3:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-1.1cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.1:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-1.2cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.2:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-1.3cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.3:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-1.4cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.4:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-1.5cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.5:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-1.6cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.6:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-2.0cpe:2.3:a:kristof_de_jaeger:display_suite:7x-2.0:*:*:*:*:*:*:*
kristof_de_jaegerdisplay_suite7x-2.0-beta1cpe:2.3:a:kristof_de_jaeger:display_suite:7x-2.0-beta1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kristof_de_jaeger	display_suite	7x-1.0	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.0:::::::*
kristof_de_jaeger	display_suite	7x-1.0-rc3	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.0-rc3:::::::*
kristof_de_jaeger	display_suite	7x-1.1	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.1:::::::*
kristof_de_jaeger	display_suite	7x-1.2	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.2:::::::*
kristof_de_jaeger	display_suite	7x-1.3	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.3:::::::*
kristof_de_jaeger	display_suite	7x-1.4	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.4:::::::*
kristof_de_jaeger	display_suite	7x-1.5	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.5:::::::*
kristof_de_jaeger	display_suite	7x-1.6	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-1.6:::::::*
kristof_de_jaeger	display_suite	7x-2.0	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-2.0:::::::*
kristof_de_jaeger	display_suite	7x-2.0-beta1	cpe:2.3:a:kristof_de_jaeger:display_suite:7x-2.0-beta1:::::::*

Rows per page:

1-10 of 171

References

osvdb.org/94234

seclists.org/fulldisclosure/2013/Jun/94

drupal.org/node/2017639

drupal.org/node/2017641

drupal.org/node/2017933

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for NVD:CVE-2013-2177

drupal1 cve1 prion1 cvelist1