Lucene search
HistoryApr 21, 2015 - 4:59 p.m.
CVE-2015-3344
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
44.6%
Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
Affected configurations
Node
dlc_solutionscourseMatch6.x-1.0-alpha1drupal
ORdlc_solutionscourseMatch6.x-1.0-rc1drupal
ORdlc_solutionscourseMatch6.x-1.0-rc2drupal
ORdlc_solutionscourseMatch6.x-1.0-rc3drupal
ORdlc_solutionscourseMatch6.x-1.0-rc4drupal
ORdlc_solutionscourseMatch6.x-1.0-rc5drupal
ORdlc_solutionscourseMatch6.x-1.0-rc6drupal
ORdlc_solutionscourseMatch6.x-1.0-rc7drupal
ORdlc_solutionscourseMatch6.x-1.0-rc8drupal
ORdlc_solutionscourseMatch6.x-1.0-rc9drupal
ORdlc_solutionscourseMatch6.x-1.0-rc10drupal
ORdlc_solutionscourseMatch6.x-1.1drupal
ORdlc_solutionscourseMatch6.x-1.x-devdrupal
ORdlc_solutionscourseMatch7.x-1.0drupal
ORdlc_solutionscourseMatch7.x-1.0-alpha1drupal
ORdlc_solutionscourseMatch7.x-1.0-alpha2drupal
ORdlc_solutionscourseMatch7.x-1.0-alpha3drupal
ORdlc_solutionscourseMatch7.x-1.0-beta1drupal
ORdlc_solutionscourseMatch7.x-1.0-beta2drupal
ORdlc_solutionscourseMatch7.x-1.0-beta3drupal
ORdlc_solutionscourseMatch7.x-1.0-rc1drupal
ORdlc_solutionscourseMatch7.x-1.0-rc2drupal
ORdlc_solutionscourseMatch7.x-1.0-rc3drupal
ORdlc_solutionscourseMatch7.x-1.0-rc4drupal
ORdlc_solutionscourseMatch7.x-1.1drupal
ORdlc_solutionscourseMatch7.x-1.2drupal
ORdlc_solutionscourseMatch7.x-1.3drupal
ORdlc_solutionscourseMatch7.x-1.x-devdrupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dlc_solutions | course | 6.x-1.0-alpha1 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-alpha1:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc1 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc1:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc2 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc2:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc3 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc3:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc4 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc4:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc5 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc5:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc6 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc6:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc7 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc7:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc8 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc8:*:*:*:*:drupal:*:* |
| dlc_solutions | course | 6.x-1.0-rc9 | cpe:2.3:a:dlc_solutions:course:6.x-1.0-rc9:*:*:*:*:drupal:*:* |
Related
cvelist
cvelist
CVE-2015-3344
2015-04-21 16:00:00
prion
prion
Cross site scripting
2015-04-21 16:59:00
drupal
drupal
SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)
2015-01-07 00:00:00
cve
cve
CVE-2015-3344
2015-04-21 16:59:04
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
44.6%
Related for NVD:CVE-2015-3344