Lucene search

[email protected]NVD:CVE-2015-4386

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4386

2015-06-1514:59:42

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes.

Affected configurations

Nvd

Node

entitybulkdelete_projectentitybulkdeleteMatch7.x-1.0drupal

VendorProductVersionCPE
entitybulkdelete_projectentitybulkdelete7.x-1.0cpe:2.3:a:entitybulkdelete_project:entitybulkdelete:7.x-1.0:*:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
entitybulkdelete_project	entitybulkdelete	7.x-1.0	cpe:2.3:a:entitybulkdelete_project:entitybulkdelete:7.x-1.0:::::drupal::

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/74347

www.drupal.org/node/2463049

www.drupal.org/node/2463831

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for NVD:CVE-2015-4386

cve1 cvelist1 prion1 drupal1