Lucene search

[email protected]NVD:CVE-2013-5315

HistoryAug 19, 2013 - 11:55 p.m.

CVE-2013-5315

2013-08-1923:55:09

CWE-79

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174.

Affected configurations

NVD

Node

owsscaldMatch6.x-1.0alpha1

owsscaldMatch6.x-1.0beta1

owsscaldMatch6.x-1.0beta2

owsscaldMatch6.x-1.xdev

owsscaldMatch7.x-1.0

AND

drupaldrupalMatch-

References

drupalcode.org/project/scald.git/blobdiff/9ce68f67a25200afa5256f567ef89bc4b9fd705e..974a5e29f502a58e6a955d69a85bb5f16c1c8b3e:/mee/mee.module

drupalcode.org/project/scald.git/commitdiff/32db1ee

osvdb.org/95625

seclists.org/fulldisclosure/2013/Jul/224

secunia.com/advisories/54144

www.securityfocus.com/bid/61426

drupal.org/node/2049239

drupal.org/node/2049415

exchange.xforce.ibmcloud.com/vulnerabilities/85964

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for NVD:CVE-2013-5315

cve2 prion2 cvelist2 nvd1 drupal1